SecureStack C3 Stackable Switches Configuration Guide Firmware Version 1.00.
Notice Enterasys Networks reserves the right to make changes in specifications and other information contained in this document and its web site without prior notice. The reader should in all cases consult Enterasys Networks to determine whether any such changes have been made. The hardware, firmware, or software described in this document is subject to change without notice.
Enterasys Networks, Inc. Firmware License Agreement BEFORE OPENING OR UTILIZING THE ENCLOSED PRODUCT, CAREFULLY READ THIS LICENSE AGREEMENT. This document is an agreement (“Agreement”) between the end user (“You”) and Enterasys Networks, Inc.
4. EXPORT RESTRICTIONS. You understand that Enterasys and its Affiliates are subject to regulation by agencies of the U.S. Government, including the U.S. Department of Commerce, which prohibit export or diversion of certain technical products to certain countries, unless a license to export the Program is obtained from the U.S. Government or an exception from obtaining such license may be relied upon by the exporting party.
10. ENFORCEMENT. You acknowledge and agree that any breach of Sections 2, 4, or 9 of this Agreement by You may cause Enterasys irreparable damage for which recovery of money damages would be inadequate, and that Enterasys may be entitled to seek timely injunctive relief to protect Enterasys’ rights under this Agreement in addition to any and all remedies available at law. 11. ASSIGNMENT.
About This Guide

Welcome to the Enterasys Networks SecureStack C3 Configuration Guide. This manual explains how to access the device's Command Line Interface (CLI) and how to use it to configure SecureStack C3 switch devices.

Important Notice

Depending on the firmware version used in your C3 device, some features described in this document may not be supported. Refer to the Release Notes shipped with your device to determine which features are supported.
Structure of This Guide

duplex mode, auto-negotiation, flow control, port mirroring, link aggregation and broadcast suppression.

Chapter 5, SNMP Configuration, describes how to configure SNMP users and user groups, access rights, target addresses, and notification parameters.
Chapter 21, Security Configuration, describes how to configure 802.1X authentication using EAPOL, and how to configure the RADIUS server, Secure Shell server, MAC authentication, MAC locking, Port Web Authentication, and IP access control lists (ACLs).
Caution: Contains information essential to avoid damage to the equipment.

Getting Help

For additional support related to this switch or document, contact Enterasys Networks using one of the following methods:

World Wide Web    http://www.enterasys.com/services/support
1-800-872-8440 (toll-free in U.S.
1 Introduction

This chapter provides an overview of the SecureStack C3's unique features and functionality, an overview of the tasks that may be accomplished using the CLI interface, an overview of ways to manage the switch, factory default settings, and information about how to use the Command Line Interface to configure the switch.
Switch Management Methods

The SecureStack C3 switch can be managed using the following methods:

• Locally using a VT type terminal connected to the console port.
• Remotely using a VT type terminal connected through a modem.
• Remotely using an SNMP management station.
• In-band through a Telnet connection.
• In-band using Enterasys Networks' NetSight® management application.
• Remotely using WebView™, Enterasys Networks' embedded web server application.
Factory Default Settings

Table 1-1 Default Settings for Basic Switch Operation (Continued)

Feature                                   Default Setting
IGMP snooping                             Disabled. When enabled, query interval is set to 260 seconds and response time is set to 10 seconds.
IP mask and gateway                       Subnet mask set to 0.0.0.0; default gateway set to 0.0.0.0.
IP routes                                 No static routes configured.
Jumbo frame support                       Enabled on all ports.
Link aggregation control protocol (LACP)  Enabled.
Link aggregation admin key                Set to 32768 for all ports.
Table 1-1 Default Settings for Basic Switch Operation (Continued)

Feature                    Default Setting
RADIUS client              Disabled.
RADIUS last resort action  When the client is enabled, set to Challenge.
RADIUS retries             When the client is enabled, set to 3.
RADIUS timeout             When the client is enabled, set to 20 seconds.
SNMP                       Enabled.
SNTP                       Disabled.
Spanning Tree              Globally enabled and enabled on all ports.
Table 1-2 Default Settings for Router Operation

Feature                            Default Setting
Access groups (IP security)        None configured.
Access lists (IP security)         None configured.
Area authentication (OSPF)         Disabled.
Area default cost (OSPF)           Set to 1.
Area NSSA (OSPF)                   None configured.
Area range (OSPF)                  None configured.
ARP table                          No permanent entries configured.
ARP timeout                        Set to 14,400 seconds.
Authentication key (RIP and OSPF)  None configured.
Table 1-2 Default Settings for Router Operation (Continued)

Feature                     Default Setting
Retransmit delay (OSPF)     Set to 1 second.
Retransmit interval (OSPF)  Set to 5 seconds.
RIP receive version         Set to accept both version 1 and version 2.
RIP send version            Set to version 1.
RIP offset                  No value applied.
SNMP                        Enabled.
Split horizon               Enabled for RIP packets without poison reverse.
Stub area (OSPF)            None configured.
Telnet                      Enabled.
Using the Command Line Interface

Figure 1-1 SecureStack C3 Startup Screen

Username:admin
Password:

Enterasys SecureStack C3
Command Line Interface

Enterasys Networks, Inc.
50 Minuteman Rd.
Andover, MA 01810-1008 U.S.A.

Phone: +1 978 684 1000
E-mail: support@enterasys.com
WWW: http://www.enterasys.com

(c) Copyright Enterasys Networks, Inc. 2006

Chassis Serial Number: 041800249041
Chassis Firmware Revision: 1.00.
1. At the login prompt, enter one of the following default user names:
   – ro for Read-Only access.
   – rw for Read-Write access.
   – admin for Super User access.
2. Press ENTER. The Password prompt displays.
3. Leave this string blank and press ENTER. The switch information and prompt displays as shown in Figure 1-1.

Using an Administratively Configured User Account

If the switch's default user account settings have been changed, proceed as follows:

1.
Write access will be able to modify all modifiable parameters in set and show commands, as well as view Read-Only commands. Administrators or Super Users will be allowed all Read-Write and Read-Only privileges, and will be able to modify local user accounts.
Figure 1-5 Scrolling Screen Output

C3(su)->show mac
MAC Address        FID  Port    Type
----------------------------------------------------------
00-00-1d-67-68-69  1    host    Management
00-00-02-00-00-00  1    fe.1.2  Learned
00-00-02-00-00-01  1    fe.1.3  Learned
00-00-02-00-00-02  1    fe.1.4  Learned
00-00-02-00-00-03  1    fe.1.5  Learned
00-00-02-00-00-04  1    fe.1.6  Learned
00-00-02-00-00-05  1    fe.1.7  Learned
00-00-02-00-00-06  1    fe.1.8  Learned
00-00-02-00-00-07  1    fe.1.9  Learned
00-00-02-00-00-08  1    fe.1.
Table 1-3 Basic Line Editing Commands (Continued)

Key Sequence      Command
Ctrl+K            Delete all characters after cursor.
Ctrl+N            Scroll to next command in command history (use the CLI history command to display the history).
Ctrl+P            Scroll to previous command in command history.
Ctrl+Q            Resume the CLI process.
Ctrl+S            Pause the CLI process (for scrolling).
Ctrl+T            Transpose characters.
Ctrl+U or Ctrl+X  Delete all characters before cursor.
2 Configuring Switches in a Stack

This chapter provides information about configuring SecureStack C3 switches in a stack.
Installing a New Stackable System of Up to Eight Units

• The console port on the manager switch remains active for out-of-band (local) switch management, but the console port on each member switch is deactivated. This enables you to set the IP address and system password using a single console port.

Now each switch can be configured locally using only the manager's console port, or in-band using a remote device and the CLI set of commands described in this section.
Installing Previously-Configured Systems in a Stack

If member units in a stack have been previous members of a different stack, you may need to configure the renumbering of the stack as follows:

1. Stack the units in the method desired, and connect the stack cables.
2. Power up only the unit you wish to be manager.
3.
Creating a Virtual Switch Configuration

You can create a configuration for a SecureStack C3 switch before adding the actual physical device to a stack. This preconfiguration feature includes configuring protocols on the ports of the "virtual switch."

To create a virtual switch configuration in a stack environment:

1. Display the types of switches supported in the stack, using the show switch switchtype command (page 2-8).
2.
Considerations About Using Clear Config in a Stack

When using the clear config command (page 3-70) to clear configuration parameters in a stack, it is important to remember the following:

• Use clear config to clear config parameters without clearing stack unit IDs. This command WILL NOT clear stack parameters or the IP address and avoids the process of re-numbering the stack.
Stacking Configuration and Management Commands

Purpose

To review, individually configure and manage switches in a SecureStack C3 stack.
show switch

Use this command to display information about one or more units in the stack.

Syntax

show switch [status] [unit]

Parameters

status  (Optional) Displays power and administrative status information for one or more units in the stack.
unit    (Optional) Specifies the unit(s) for which information will display.

Defaults

If not specified, status and other configuration information about all units will be displayed.

Mode

Switch command, read-only.
Detected Code in Flash       03.01.20
Detected Code in Back Image  02.01.37
Up Time                      0 days 6 hrs 37 mins 54 secs

This example shows how to display status information for switch unit 1 in the stack:

C3(ro)->show switch status 1
Switch                  1
Switch Status           Full
Admin State
Power State
Inserted Switch:
  Model Identifier      C3G124-24
  Description           Enterasys Networks, Inc. C3 -- Model C3G124-24
Configured Switch:
  Model Identifier      C3G124-24
  Description           Enterasys Networks, Inc.
This example shows how to display switch type information about SID1:

C3(ro)->show switch switchtype 1
Switch Type             0x56950200
Model Identifier        C2G124-24
Switch Description      Enterasys Networks, Inc. C2 -Model C2G124-24
Management Preference   1
Expected Code Version   0xa08245

Supported Cards:
  Slot                  0
  Card Index (CID)      1
  Model Identifier      C2G124-24

show switch stack-ports

Use this command to display various data flow and error counters on stack ports.
set switch

Use this command to assign a switch ID, to set a switch's priority for becoming the management switch if the previous management switch fails, or to change the switch unit ID for a switch in the stack.

Syntax

set switch {unit [priority value | renumber newunit]}

Parameters

unit            Specifies a unit number for the switch. Value can range from 1 to 8.
priority value  Specifies a priority value for the unit. Valid values are 1 to 15 with higher values assigning higher priority.
Mode

Switch command, read-write.

Example

This example shows how to replicate the management image file to all switches in the stack:

C3(su)->set switch copy-fw
Are you sure you want to copy firmware? (y/n) y
Code transfer completed successfully.

set switch description

Use this command to assign a name to a switch in the stack.

Syntax

set switch description unit description

Parameters

unit  Specifies a unit number for the switch.
Mode

Switch command, read-write.

Example

This example shows how to move management functionality from switch 1 to switch 2:

C3(su)->set switch movemanagement 1 2
Moving stack management will unconfigure entire stack including all interfaces.
Are you sure you want to move stack management? (y/n) y

set switch member

Use this command to add a virtual member to a stack. This allows you to preconfigure a switch before the physical device is actually added to the stack.
clear switch member

Use this command to remove a member entry from the stack.

Syntax

clear switch member unit

Parameters

unit  Specifies the unit number of the switch.

Defaults

None.

Mode

Switch command, read-write.
3 Basic Configuration

At startup, the SecureStack C3 switch is configured with many defaults and standard features. This chapter describes how to customize basic system settings to adapt to your work environment.
Setting User Accounts and Passwords

Purpose

To change the switch's default user login and password settings, and to add new user accounts and passwords.

Commands

The commands used to configure user accounts and passwords are listed below.
Username  Access      State
admin     super-user  enabled
ro        read-only   enabled
rw        read-write  enabled

Table 3-1 provides an explanation of the command output.

Table 3-1 show system login Output Details

Output                 What It Displays...
Password history size  Number of previously used user login passwords that will be checked for duplication when the set password command is executed. Configured with set system password history (page 3-6).
clear system login

Use this command to remove a local login user account.

Syntax

clear system login username

Parameters

username  Specifies the login name of the account to be cleared.

Note: The default admin (su) account cannot be deleted.

Defaults

None.

Mode

Switch command, super user.
Usage

Read-Write users can change their own passwords. Super Users (Admin) can change any password on the system.

Examples

This example shows how a super-user would change the Read-Write password from the system default (blank string):

C3(su)->set password rw
Please enter new password: ********
Please re-enter new password: ********
Password changed.
set system password aging

Use this command to set the number of days user passwords will remain valid before aging out, or to disable user account password aging.

Syntax

set system password aging {days | disable}

Parameters

days     Specifies the number of days user passwords will remain valid before aging out. Valid values are 1 to 365.
disable  Disables password aging.

Defaults

None.

Mode

Switch command, super user.
show system lockout

Use this command to display settings for locking out users after failed attempts to log in to the system.

Syntax

show system lockout

Parameters

None.

Defaults

None.

Mode

Switch command, super user.

Example

This example shows how to display user lockout settings. In this case, switch defaults have not been changed:

C3(su)->show system lockout
Lockout attempts: 3
Lockout time: 15 minutes.

Table 3-1 provides an explanation of the command output.
set system lockout

Use this command to set the number of failed login attempts before locking out (disabling) a read-write or read-only user account, and the number of minutes to lockout the default admin super user account after maximum login attempts. Once a user account is locked out, it can only be re-enabled by a super user with the set system login command (page 3-3).
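The following is an added example, not Enterasys code: a Python audit of captured show system login and show system lockout output that flags the default admin, ro and rw accounts still enabled (their default password in this guide is a blank string) and lockout settings weaker than a site policy. The sample captures, the netops account and the policy limits are constructed assumptions.

```python
import re

# Default login names from this guide's login procedure. Their default
# password is a blank string until it is changed with "set password".
DEFAULT_ACCOUNTS = ("admin", "ro", "rw")
ACCESS_LEVELS = ("super-user", "read-only", "read-write")

# Hypothetical site policy (assumption). The limits equal the switch
# defaults shown in the guide: 3 attempts, 15 minutes.
POLICY = {"max_attempts": 3, "min_lockout_minutes": 15}

# Constructed capture, laid out like the guide's "show system login" example.
# "netops" is a made-up, administratively configured account.
SAMPLE_LOGIN = """\
C3(su)->show system login
Username     Access        State
admin        super-user    enabled
ro           read-only     enabled
rw           read-write    disabled
netops       read-write    enabled
"""

# Constructed capture using the two fields printed by "show system lockout".
SAMPLE_LOCKOUT = """\
C3(su)->show system lockout
Lockout attempts: 10
Lockout time: 5 minutes.
"""


def parse_login(text):
    """Return one dict per account row; prompt and header lines are skipped."""
    accounts = []
    for line in text.splitlines():
        fields = line.split()
        if (len(fields) == 3 and fields[1] in ACCESS_LEVELS
                and fields[2] in ("enabled", "disabled")):
            accounts.append(
                {"user": fields[0], "access": fields[1], "state": fields[2]})
    return accounts


def parse_lockout(text):
    """Return the lockout settings; reject a truncated capture."""
    attempts = re.search(r"Lockout attempts:\s*(\d+)", text)
    minutes = re.search(r"Lockout time:\s*(\d+)\s*minute", text)
    if not attempts or not minutes:
        raise ValueError("capture lacks the lockout attempts or lockout time line")
    return {"attempts": int(attempts.group(1)),
            "minutes": int(minutes.group(1))}


def audit(login_text, lockout_text, policy=POLICY):
    """Return a list of (code, detail) findings, empty when nothing is flagged."""
    findings = []
    for acct in parse_login(login_text):
        # The output does not reveal the password, so an enabled default
        # account is reported for manual confirmation, not as a proven fault.
        if acct["user"] in DEFAULT_ACCOUNTS and acct["state"] == "enabled":
            findings.append((
                "default-account-enabled",
                "%s (%s): confirm the blank default password was changed"
                % (acct["user"], acct["access"])))
    lockout = parse_lockout(lockout_text)
    if lockout["attempts"] > policy["max_attempts"]:
        findings.append((
            "lockout-attempts",
            "%d failed attempts allowed, policy maximum is %d"
            % (lockout["attempts"], policy["max_attempts"])))
    # Per the guide, the lockout time applies to the default admin account.
    if lockout["minutes"] < policy["min_lockout_minutes"]:
        findings.append((
            "lockout-time",
            "admin lockout lasts %d minutes, policy minimum is %d"
            % (lockout["minutes"], policy["min_lockout_minutes"])))
    return findings


if __name__ == "__main__":
    for code, detail in audit(SAMPLE_LOGIN, SAMPLE_LOCKOUT):
        print(code + ": " + detail)
```
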
Setting Basic Switch Properties

Purpose

To display and set the system IP address and other basic system (switch) properties.

Commands

The commands used to set basic system information are listed below.
show ip address

Use this command to display the system IP address and subnet mask.

Syntax

show ip address

Parameters

None.

Defaults

None.

Mode

Switch command, read-only.

Example

This example shows how to display the system IP address and subnet mask:

C3(su)->show ip address
Name              Address           Mask
----------------  ----------------  ----------------
host              10.42.13.20       255.255.0.
Mode

Switch command, read-write.

Example

This example shows how to set the system IP address to 10.1.10.1 with a mask of 255.255.128.0 and a default gateway of 10.1.0.1:

C3(su)->set ip address 10.1.10.1 mask 255.255.128.0 gateway 10.1.0.1

clear ip address

Use this command to clear the system IP address.

Syntax

clear ip address

Parameters

None.

Defaults

None.

Mode

Switch command, read-write.
Example

This example shows how to display the method used to acquire a network IP address:

C3(su)->show ip protocol
System IP address acquisition method: dhcp

set ip protocol

Use this command to specify the protocol used to acquire a network IP address for switch management.

Syntax

set ip protocol {bootp | dhcp | none}

Parameters

bootp  Select BOOTP as the protocol to use to acquire the system IP address.
dhcp   Select DHCP as the protocol to use to acquire the system IP address.
Example

This example shows how to display system information:

C3(su)->show system
System contact:John Smith
System location:Bldg10 2nd floor East
System name:10-2-C3

Switch 1
--------
PS1-Status      PS2-Status
----------      ----------
Ok              Not Installed and/or Not Operating

Fan1-Status     Fan2-Status
-----------     -----------
Ok              Ok

Uptime d,h:m:s  Logout
--------------  -------
2,19:57:39      5 min

Table 3-2 provides an explanation of the command output.
Mode

Switch command, read-only.

Example

This example shows how to display the system's hardware configuration. Please note that the information you see displayed may differ from this example.

C3(su)->show system hardware
SLOT HARDWARE INFORMATION
--------------------
Model:              C3G124-24
Serial Number:      041800129041
Vendor ID:          0x0e10
Base MAC Address:   00:01:F4:5F:1D:E0
Hardware Version:   BCM56504 REV 19
FirmWare Version:   1.00.xx
Boot Code Version:  01.00.
Storage Utilization:
Type   Description            Size(Kb)  Available (Kb)
---------------------------------------------------------------
RAM    RAM device             262144    97173
Flash  Images, Config, Other  31095     8094

This example shows how to display information about the processes running on the system. Only partial output is shown.

C3(ro)->show system utilization process
TID      Name         5Sec
8d45148  captureTask  0.00%
8e264f8  poe_monitor  0.00%
8ea6d38  poe_read     0.80%
8eb7140  vlanDynEg    0.
Syntax

show time

Parameters

None.

Defaults

None.

Mode

Switch command, read-only.

Example

This example shows how to display the current time. The output shows the day of the week, month, day, and the time of day in hours, minutes, and seconds and the year:

C3(su)->show time
THU SEP 05 09:21:57 2002

set time

Use this command to change the time of day on the system clock.
show summertime

Use this command to display daylight savings time settings.

Syntax

show summertime

Parameters

None.

Defaults

None.

Mode

Switch command, read-only.
set summertime date

Use this command to configure specific dates to start and stop daylight savings time. These settings will be non-recurring and will have to be reset annually.

Syntax

set summertime date start_month start_date start_year start_hr_min end_month end_date end_year end_hr_min [offset_minutes]

Parameters

start_month  Specifies the month of the year to start daylight savings time.
start_date   Specifies the day of the month to start daylight savings time.
start_day     Specifies the day of the week to restart daylight savings time.
start_hr_min  Specifies the time of day to restart daylight savings time. Format is hh:mm.
end_week      Specifies the week of the month to end daylight savings time.
end_day       Specifies the day of the week to end daylight savings time.
end_hr_min    Specifies the time of day to end daylight savings time. Format is hh:mm.
Syntax

set prompt prompt_string

Parameters

prompt_string  Specifies a text string for the command prompt.

Note: A prompt string containing a space in the text must be enclosed in quotes as shown in the example below.

Defaults

None.

Mode

Switch command, read-write.

Example

This example shows how to set the command prompt to Switch 1:

C3(su)->set prompt "Switch 1"
Switch 1(su)->

show banner motd

Use this command to show the banner message of the day that will display at session login.
clear banner motd Syntax set banner motd message Parameters message Specifies a message of the day. This is a text string that needs to be in double quotes if any spaces are used. Use a \n for a new line and \t for a tab (eight spaces). Defaults None. Mode Switch command, read‐write.
set system name
Syntax show version
Parameters None.
Defaults None.
Mode Switch command, read‐only.
Example This example shows how to display version information. Please note that you may see different information displayed, depending on the type of hardware in the stack.
C3(su)->show version
Copyright (c) 2004 by Enterasys Networks, Inc.
Model           Serial #           Versions
--------------  -----------------  -------------------
C3G124-48P      04370007900B       Hw:BCM5695 REV 17
                                   Bp:01.00.23
                                   Fw:1.00.xx
                                   BuFw:02.01.
set system name Parameters string (Optional) Specifies a text string that identifies the system. Note: A name string containing a space in the text must be enclosed in quotes as shown in the example below. Defaults If string is not specified, the system name will be cleared. Mode Switch command, read‐write.
set system location set system location Use this command to identify the location of the system. Syntax set system location [string] Parameters string (Optional) Specifies a text string that indicates where the system is located. Note: A location string containing a space in the text must be enclosed in quotes as shown in the example below. Defaults If string is not specified, the location name will be cleared. Mode Switch command, read‐write.
Example This example shows how to set the system contact string:
C3(su)->set system contact "Joe Smith"
set width
Use this command to set the number of columns for the terminal connected to the switch’s console port.
Syntax set width screenwidth [default]
Parameters
screenwidth Sets the number of terminal columns. Valid values are 50 to 150.
default (Optional) Makes this setting persistent for all future sessions (written to NV‐RAM).
Defaults None.
Mode Switch command, read‐write.
show logout Parameters screenlength Sets the number of lines in the CLI display. Valid values are 0, which disables the scrolling screen feature described in “Displaying Scrolling Screens” on page 1‐9, and from 5 to 512. Defaults None. Mode Switch command, read‐write. Example This example shows how to set the terminal length to 50: C3(su)->set length 50 show logout Use this command to display the time (in seconds) an idle console or Telnet CLI session will remain connected before timing out.
show console Parameters timeout Sets the number of minutes the system will remain idle before timing out. Defaults None. Mode Switch command, read‐write. Example This example shows how to set the system timeout to 10 minutes: C3(su)->set logout 10 show console Use this command to display console settings. Syntax show console [baud] [bits] [flowcontrol] [parity] [stopbits] Parameters baud (Optional) Displays the input/output baud rate. bits (Optional) Displays the number of bits per character.
set console baud set console baud Use this command to set the console port baud rate. Syntax set console baud rate Parameters rate Sets the console baud rate. Valid values are: 300, 600, 1200, 2400, 4800, 5760, 9600, 14400, 19200, 38400, and 115200. Defaults None. Mode Switch command, read‐write.
Activating Licensed Features Activating Licensed Features In order to enable the C3 advanced features, such as Advanced Routing, you must purchase and activate a license key. If you have purchased a license, you can proceed to activate your license as described in this section. If you wish to obtain a permanent or evaluation license, use the Enterasys Customer Portal or contact the Enterasys Networks Sales Department.
Activating Licensed Features 4. Enable the license on the switch master unit last, using the set license command. Adding a New Member to a Licensed Stack When a SecureStack C3 switch without a license is added to a stack that has licensing enabled, the ports on the new switch will not pass traffic until a license has been applied to the new switch. To add a new member to a licensed stack: 1. Obtain a license for the new switch from the Enterasys Customer Portal. 2.
set license set license Use this command to activate the SecureStack C3 licensed features. Syntax set license type feature DBV expiration key hostid Parameters type Specifies the type of license. For the SecureStack C3, the value in this field is always INCREMENT. feature The name of the feature being licensed. DBV A date‐related string generated as part of the license. expiration Indicates whether the license is a permanent or an evaluation license.
show license show license Use this command to display license key information for switches with activated licenses. Syntax show license [unit number] Parameters unit number (Optional) Specifies the switch in a stack for which to display license information. Refer to Chapter 2, Configuring Switches in a Stack, for more information about stack unit IDs, or numbers. Defaults If no unit number is specified, license key information for all switches in the stack is displayed. Mode Switch command, read‐only.
clear license clear license Use this command to clear the license key settings. If multiple switches are used in the stack, you can use the all parameter to clear all the switches at once. Syntax clear license featureId feature {all | unit number} Parameters featureID feature The name of the feature being cleared. all Clears the license key settings on all units in the stack. unit number Clears the license key settings on the specified switch. Unit number can range from 1 to 8.
Configuring Power over Ethernet (PoE) Configuring Power over Ethernet (PoE) Important Notice This section applies only to PoE-equipped SecureStack C3 switches. Consult the Installation Guide shipped with your product to determine if it is PoE-equipped. Purpose To review and set PoE parameters, including the power available to the system, the usage threshold for each module, whether or not SNMP trap messages will be sent when power status changes, and per‐port PoE settings.
show inlinepower
Use this command to display switch PoE properties.
Syntax show inlinepower
Parameters None.
Defaults None.
Mode Switch command, read‐only.
Example This example shows how to display switch PoE properties. In this case, units 1, 3, and 5 are PoE modules, so their power configurations display:
C3(su)->show inlinepower
Unit  Status  Power(W)  Consumption(W)  Usage(%)
----  ------  --------  --------------  --------
2     auto    360       0.00            0.00
4     auto    360       0.00            0.00
8     auto    360       5.20            1.
set inlinepower trap Example This example shows how to set the PoE threshold to 50 on unit 1: C3(su)->set inlinepower threshold 50 1 set inlinepower trap Use this command to enable or disable the sending of an SNMP trap message for a unit whenever the status of its ports changes, or whenever the unit’s PoE usage threshold is crossed. The unit’s PoE usage threshold must be set using the set inlinepower threshold command as described on page 3‐35.
C3(su)->show port inlinepower fe.1.1-6
Port     Admin   Oper        Priority   Class
------   -----   ---------   --------   -----
fe.1.1   auto    searching   low        0
fe.1.2   auto    searching   low        0
fe.1.3   auto    searching   low        0
fe.1.4   auto    searching   low        0
fe.1.5   auto    searching   low        0
fe.1.6   auto    searching   low        0
set port inlinepower
Use this command to configure PoE parameters on one or more ports.
Downloading a New Firmware Image Downloading a New Firmware Image You can upgrade the operational firmware in the SecureStack C3 switch without physically opening the switch or being in the same location. There are two ways to download firmware to the switch: • Via TFTP download. This procedure uses a TFTP server connected to the network and downloads the firmware using the TFTP protocol. For details on how to perform a TFTP download using the copy command, refer to “copy” on page 3‐50.
Boot Menu Version 01.00.29 05-09-2005
Options available
1 - Start operational code
2 - Change baud rate
3 - Retrieve event log using XMODEM (64KB).
4 - Load new operational code using XMODEM
5 - Display operational code vital product data
6 - Run Flash Diagnostics
7 - Update Boot Code
8 - Delete operational code
9 - Reset the system
10 - Restore Configuration to factory defaults (delete config files)
11 - Set new Boot Code password
[Boot Menu] 2
3. Type 2.
Image Version Length............0x7
Image Version Bytes.............0x30 0x2e 0x35 0x2e 0x30 0x2e 0x34 (0.5.0.4)
7. From the boot menu options screen, type 2 to display the baud rate selection screen again.
8. Type 4 to set the switch baud rate to 9600. The following message displays:
Setting baud rate to 9600, you must change your terminal baud rate.
9. Set the terminal baud rate to 9600 and press ENTER.
10.
Reviewing and Selecting a Boot Firmware Image Reviewing and Selecting a Boot Firmware Image Purpose To display and set the image file the switch loads at startup. The C3 switch allows you to download and store a backup image, which can be selected as the startup image by using the commands described in this section. Commands The commands used to review and select the switch’s boot image file are listed below. For information about... Refer to page...
set boot system set boot system Use this command to set the firmware image the switch loads at startup. Syntax set boot system filename Parameters filename Specifies the name of the firmware image file. Defaults None. Mode Switch command, read‐write.
Starting and Configuring Telnet
Purpose To enable or disable Telnet, and to start a Telnet session to a remote host. The SecureStack C3 switch allows a total of four inbound and/or outbound Telnet sessions to run simultaneously.
Commands The commands used to enable, start and configure Telnet are listed below. For information about... Refer to page...
set telnet set telnet Use this command to enable or disable Telnet on the switch. Syntax set telnet {enable | disable} [inbound | outbound | all] Parameters enable | disable Enables or disables Telnet services. inbound | outbound | all (Optional) Specifies inbound service (the ability to Telnet to this switch), outbound service (the ability to Telnet to other devices), or all (both inbound and outbound). Defaults If not specified, both inbound and outbound Telnet service will be enabled or disabled.
Managing Switch Configuration and Files Managing Switch Configuration and Files Configuration Persistence Mode The default state of configuration persistence mode is “auto,” which means that when CLI configuration commands are entered, or when a configuration file stored on the switch is executed, the configuration is saved to NVRAM automatically at the following intervals: • On a stand‐alone unit, the configuration is checked every two minutes and saved if there has been a change.
show snmp persistmode show snmp persistmode Use this command to display the configuration persistence mode setting. By default, the mode is set to “auto save,” which automatically saves configuration changes at specific intervals. If the mode is set to “manual,” configuration commands are never automatically saved. In order to make configuration changes persistent when the mode is manual, the save config command must be issued as described in “Configuration Persistence Mode” on page 3‐45.
Mode Switch command, read‐write.
Example This example shows how to set the configuration persistence mode to manual:
C3(su)->set snmp persistmode manual
save config
Use this command to save the running configuration on all switch members in a stack.
Syntax save config
Parameters None.
Defaults None.
Mode Switch command, read‐write.
show config
C3(su)->dir
Images:
==================================================================
Filename:      C3-series_02.01.30
Version:       1.00.xx
Size:          6873088 (bytes)
Date:          Fri Apr 1 15:23:24 2005
CheckSum:      7eb3dd1118a8ef60cf2c7bb162ac07ee
Compatibility: C3G124-24, C3G124-48, C3H124-48, C3G124-48P, C3H124-48P
               C3K122-24, C3G134-24P

Filename: Version: Size: Date: CheckSum: Compatibility: C3-image_02.61.30 (Active) (Boot) 1.00.
configure Usage The separate facilities that can be displayed by this command are identified in the display of the current configuration by a # preceding the facility name. For example, “#port” indicates the facility name “port.
copy Example This example shows how to execute the “Jan1_2004.cfg” configuration file: C3(su)->configure configs/Jan1_2004.cfg copy Use this command to upload or download an image or a CLI configuration file. Syntax copy source destination Parameters source Specifies location and name of the source file to copy. Options are a local file path in the configs directory, or the URL of a TFTP server. destination Specifies location and name of the destination where the file will be copied.
show tftp settings Mode Switch command, read‐write. Usage Use the show config command as described on page 3‐48 to display current image and configuration file names. Example This example shows how to delete the “Jan1_2004.cfg” configuration file: C3(su)->delete configs/Jan1_2004.cfg show tftp settings Use this command to display TFTP settings used by the switch during data transfers using TFTP. Syntax show tftp settings Parameters None. Defaults None. Mode Switch command, read‐only.
clear tftp timeout Parameters seconds Specifies the number of seconds to wait for a reply. The valid range is from 1 to 30 seconds. Default value is 2 seconds. Defaults None. Mode Switch command, read‐write. Example This example sets the timeout period to 4 seconds. C3(rw)->set tftp timeout 4 clear tftp timeout Use this command to reset the TFTP timeout value to the default value of 2 seconds. Syntax clear tftp timeout Parameters None. Defaults None. Mode Switch command, read‐write.
clear tftp retry Parameters retry Specifies the number of times a packet will be resent. The valid range is from 1 to 1000. Default value is 5 retries. Defaults None. Mode Switch command, read‐write. Example This example sets the retry count to 3. C3(rw)->set tftp retry 3 clear tftp retry Use this command to reset the TFTP retry value to the default value of 5 retries. Syntax clear tftp retry Parameters None. Defaults None. Mode Switch command, read‐write.
Configuring CDP Configuring CDP Purpose To review and configure the Enterasys CDP discovery protocol. This protocol is used to discover network topology. When enabled, this protocol allows Enterasys devices to send periodic PDUs about themselves to neighboring devices. Commands The commands used to review and configure the CDP discovery protocol are listed below. For information about... Refer to page...
show cdp
CDP Hold Time            :180
CDP Authentication Code  :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 hex
CDP Transmit Frequency   :60
Port      Status
-----------------
fe.1.1    auto-enable
fe.1.2    auto-enable
fe.1.3    auto-enable
fe.1.4    auto-enable
fe.1.5    auto-enable
fe.1.6    auto-enable
fe.1.7    auto-enable
fe.1.8    auto-enable
fe.1.9    auto-enable
Table 3‐4 provides an explanation of the command output.
Table 3-4 show cdp Output Details
Output What It Displays...
set cdp state set cdp state Use this command to enable or disable the CDP discovery protocol on one or more ports. Syntax set cdp state {auto | disable | enable} [port-string] Parameters auto | disable | enable Auto‐enables, disables or enables the CDP protocol on the specified port(s). In auto‐enable mode, which is the default mode for all ports, a port automatically becomes CDP‐enabled upon receiving its first CDP message. port‐string (Optional) Enables or disables CDP on specific port(s).
set cdp interval Mode Switch command, read‐write. Usage The authentication code value determines a switch’s CDP domain. If two or more switches have the same CDP authentication code, they will be entered into each other’s CDP neighbor tables. If they have different authentication codes, they are in different domains and will not be entered into each other’s CDP neighbor tables.
set cdp hold-time
Use this command to set the hold time value for CDP discovery protocol configuration messages.
Syntax set cdp hold-time hold-time
Parameters hold‐time Specifies the hold time value for CDP messages in seconds. Valid values are from 15 to 600.
Defaults None.
Mode Switch command, read‐write.
Example This example shows how to set CDP hold time to 60 seconds:
C3(su)->set cdp hold-time 60
clear cdp
Use this command to reset CDP discovery protocol settings to defaults.
show neighbors show neighbors This command displays Neighbor Discovery information for either the CDP or Cisco DP protocols. Syntax show neighbors [port-string] Parameters port‐string (Optional) Specifies the port or ports for which to display Neighbor Discovery information. Defaults If no port is specified, all Neighbor Discovery information is displayed. Mode Switch command, read‐only. Usage This command displays information discovered by both the CDP and the Cisco DP protocols.
Configuring Cisco Discovery Protocol Configuring Cisco Discovery Protocol Purpose To review and configure the Cisco discovery protocol. Discovery protocols are used to discover network topology. When enabled, they allow Cisco devices to send periodic PDUs about themselves to neighboring devices. Specifically, this feature enables recognizing PDUs from Cisco phones. A table of information about detected phones is kept by the switch and can be queried by the network administrator.
show ciscodp port info Device ID : 001188554A60 Last Change : WED NOV 08 13:19:56 2006 Table 3‐5 provides an explanation of the command output. Table 3-5 show ciscodp Output Details Output What It Displays... CiscoDP Whether Cisco DP is globally enabled or disabled. Auto indicates that Cisco DP will be globally enabled only if Cisco DP PDUs are received. Default setting of auto-enabled can be reset with the set ciscodp status command.
set ciscodp status Table 3-6 show ciscodp port info Output Details Output What It Displays... Port Port designation. For a detailed description of possible port-string values, refer to “Port String Syntax Used in the CLI” on page 4-1. State Whether Cisco DP is enabled, disabled or auto-enabled on the port. Default state of enabled can be changed using the set ciscodp port command. v vid Whether a voice VLAN ID has been set on this port.
set ciscodp timer set ciscodp timer Use this command to set the number of seconds between Cisco discovery protocol PDU transmissions. Syntax set ciscodp timer seconds Parameters seconds Specifies the number of seconds between Cisco DP PDU transmissions. Valid values are from 5 to 254 seconds. Defaults None. Mode Switch command, read‐write. Example This example shows how to set the Cisco DP timer to 120 seconds.
set ciscodp port set ciscodp port Use this command to set the status, voice VLAN, extended trust mode, and CoS priority for untrusted traffic for the Cisco Discovery Protocol on one or more ports. Syntax set ciscodp port { [status {disable | enable}] [ vvid {vlan-id | none | dot1p | untagged}] [trusted {yes | no}] [cos value] } port-string Parameters status Set the CiscoDP port operational status. disable Do not transmit or process CiscoDP PDUs. enable Transmit and process CiscoDP PDUs.
clear ciscodp • A Cisco DP port state of trusted or untrusted only affects tagged traffic transmitted by the device connected to the Cisco IP phone. Untagged traffic transmitted by the device connected to the Cisco IP phone is unaffected by this setting.
clear ciscodp port‐string (Optional) Specifies the port(s) on which status will be set. Defaults If no parameters are entered, all Cisco DP parameters are reset to the defaults globally and for all ports. Mode Switch mode, read‐write. Examples This example shows how to clear all the Cisco DP parameters back to the default settings. C3(rw)->clear ciscodp This example shows how to clear the Cisco DP status on port fe.1.5. C3(rw)->clear ciscodp port status fe.1.
Clearing and Closing the CLI Clearing and Closing the CLI Purpose To clear the CLI screen or to close your CLI session. Commands The commands used to clear and close the CLI session are listed below. For information about... Refer to page... cls 3-67 exit 3-68 cls (clear screen) Use this command to clear the screen for the current CLI session. Syntax cls Parameters None. Defaults None. Mode Switch command, read‐only.
exit exit Use either of these commands to leave a CLI session. Syntax exit Parameters None. Defaults None. Mode Switch command, read‐only. Usage By default, switch timeout occurs after 15 minutes of user inactivity, automatically closing your CLI session. Use the set logout command (page 3‐26) to change this default.
Resetting the Switch Resetting the Switch Purpose To reset one or more switches, and to clear the user‐defined configuration parameters. Commands The commands used to reset the switch and clear the configuration are listed below. For information about... Refer to page... reset 3-69 clear config 3-70 reset Use this command to reset the switch without losing any user‐defined configuration settings. Syntax reset [unit] Parameters unit (Optional) Specifies a unit to be reset.
clear config Reloading switch 1. This switch is manager of the stack. STACK: detach 3 units clear config Use this command to clear the user‐defined configuration parameters. Syntax clear config [all] Parameters all (Optional) Clears user‐defined configuration parameters and stack unit numbers and priorities. Defaults If all is not specified, stacking configuration parameters will not be cleared. Mode Switch command, read‐write.
Using and Configuring WebView
Purpose By default, WebView (the Enterasys Networks embedded web server for switch configuration and management tasks) is enabled on TCP port number 80 on the SecureStack C3 switch. You can verify WebView status, and enable or disable WebView using the commands described in this section. WebView can also be securely used over SSL port 443, if SSL is enabled on the switch. By default, SSL is disabled.
set webview set webview Use this command to enable or disable WebView on the switch. Syntax set webview {enable | disable} Parameters enable | disable Enable or disable WebView on the switch. Defaults None. Mode Switch command, read‐write. Usage It is good practice for security reasons to disable HTTP access on the switch when finished configuring with WebView, and then to only enable WebView on the switch when changes need to be made.
set ssl set ssl Use this command to enable or disable the use of WebView over SSL port 443. By default, SSL is disabled on the switch. This command can also be used to reinitialize the hostkey that is used for encryption. Syntax set ssl {enabled | disabled | reinitialize | hostkey reinitialize} Parameters enabled | disabled Enable or disable the ability to use WebView over SSL. reinitialize Stops and then restarts the SSL process.
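The management-access commands in this chapter (set webview, set ssl, set telnet, set logout) can be checked offline against a saved configuration. The following is an added example, not Enterasys code: it assumes the configuration text consists of the same set commands this guide documents, that any setting absent from the text keeps the default stated in this guide, and that the 15-minute idle limit is a local policy choice; the function names and both sample configurations are constructed for illustration.

```python
import shlex

# Defaults stated in this guide: WebView enabled (TCP 80), SSL disabled,
# idle logout after 15 minutes. The Telnet default is not stated in this
# section, so it starts as None ("unknown, verify on the device").
DEFAULTS = {"webview": True, "ssl": False,
            "telnet_in": None, "telnet_out": None, "logout_min": 15}

# Constructed sample configurations (not taken from a real switch).
SAMPLE_WEAK = '''#system
set prompt "Closet 2"
set logout 30
#telnet
set telnet enable
set telnet disable outbound
#webview
set ssl enabled
'''
SAMPLE_HARDENED = "set webview disable\nset telnet disable all\nset logout 10\n"


def parse_config(text):
    """Replay 'set ...' commands in order; the last command for a setting wins."""
    state = dict(DEFAULTS)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):    # '#name' marks a facility
            continue
        try:
            tok = shlex.split(line)             # honours "quoted strings"
        except ValueError:                      # unbalanced quote: skip line
            continue
        if len(tok) < 3 or tok[0] != "set":
            continue
        cmd, arg = tok[1], tok[2]
        if cmd == "webview" and arg in ("enable", "disable"):
            state["webview"] = (arg == "enable")
        elif cmd == "ssl" and arg in ("enabled", "disabled"):
            state["ssl"] = (arg == "enabled")
        elif cmd == "telnet" and arg in ("enable", "disable"):
            # With no direction given, the command applies to both directions.
            scope = tok[3] if len(tok) > 3 else "all"
            if scope in ("inbound", "all"):
                state["telnet_in"] = (arg == "enable")
            if scope in ("outbound", "all"):
                state["telnet_out"] = (arg == "enable")
        elif cmd == "logout" and arg.isdigit():
            state["logout_min"] = int(arg)      # idle timeout in minutes
    return state


def audit(text, max_idle_min=15):
    """Return (id, message) findings for the management-plane settings."""
    s = parse_config(text)
    findings = []
    if s["webview"]:
        findings.append(("webview-enabled",
                         "WebView is enabled; use 'set webview disable' when "
                         "configuration work is finished."))
        if not s["ssl"]:
            findings.append(("webview-no-ssl",
                             "SSL is disabled, so WebView is only reachable "
                             "over HTTP on TCP 80; use 'set ssl enabled'."))
    if s["telnet_in"] is None:
        findings.append(("telnet-unknown",
                         "No 'set telnet' command found; confirm the inbound "
                         "Telnet state on the device."))
    elif s["telnet_in"]:
        findings.append(("telnet-inbound",
                         "Inbound Telnet is enabled (cleartext sessions); "
                         "use 'set telnet disable inbound'."))
    if s["logout_min"] > max_idle_min:
        findings.append(("idle-timeout",
                         "Idle logout is %d minutes, above the %d-minute policy; "
                         "use 'set logout'." % (s["logout_min"], max_idle_min)))
    return findings


def finding_ids(text, max_idle_min=15):
    """Convenience wrapper: only the finding identifiers, in check order."""
    return [fid for fid, _ in audit(text, max_idle_min)]


if __name__ == "__main__":
    for fid, msg in audit(SAMPLE_WEAK):
        print(fid + ": " + msg)
```
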
4 Port Configuration This chapter describes the Port Configuration set of commands and how to use them. For information about... Refer to page...
Reviewing Port Status Port number can be: 1 – 48 for the C3G124‐48 and C3G124‐48P 1 – 24 for the C3G124‐24, C3G134‐24P The highest valid port number is dependent on the number of ports in the device and the port type. Examples Note: You can use a wildcard (*) to indicate all of an item. For example, fe.3.* would represent all 100Mbps Ethernet (fe) ports in unit 3 in the stack. This example shows the port‐string syntax for specifying the 100‐Mbps Ethernet ports 1 through 10 in unit 1 in the stack. fe.1.
show port show port Use this command to display whether or not one or more ports are enabled for switching. Syntax show port [port-string] Parameters port‐string (Optional) Displays operational status for specific port(s). For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐1. Defaults If port‐string is not specified, operational status information for all ports will be displayed. Mode Switch command, read‐only.
show port status show port status Use this command to display operating and admin status, speed, duplex mode and port type for one or more ports on the device. Syntax show port status [port-string] Parameters port‐string (Optional) Displays status for specific port(s). For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐1. Defaults If port‐string is not specified, status information for all ports will be displayed.
show port counters show port counters Use this command to display port counter statistics detailing traffic through the device and through all MIB2 network devices. Syntax show port counters [port-string] [switch | mib2] Parameters port‐string (Optional) Displays counter statistics for specific port(s). For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐1. switch | mib2 (Optional) Displays switch or MIB2 statistics.
Disabling / Enabling and Naming Ports
This example shows how to display all fe.3.1 port counter statistics related to traffic through the device.
C3(su)->show port counters fe.3.1 switch
Port: fe.3.1 Bridge Port: 2
802.1Q Switch Counters
----------------------
Frames Received      0
Frames Transmitted   0
Table 4‐2 provides an explanation of the command output.
Table 4-2 show port counters Output Details
Output What It Displays...
Port Port designation.
set port disable set port disable Use this command to administratively disable one or more ports. When this command is executed, in addition to disabling the physical Ethernet link, the port will no longer learn entries in the forwarding database. Syntax set port disable port-string Parameters port‐string Specifies the port(s) to disable. For a detailed description of possible port‐ string values, refer to “Port String Syntax Used in the CLI” on page 4‐1. Defaults None.
set port enable set port enable Use this command to administratively enable one or more ports. Syntax set port enable port-string Parameters port‐string Specifies the port(s) to enable. For a detailed description of possible port‐ string values, refer to “Port String Syntax Used in the CLI” on page 4‐1. Defaults None. Mode Switch command, read‐write. Example This example shows how to enable fe.1.3: C3(su)->set port enable fe.1.
set port alias set port alias Use this command to assign an alias name to a port. Syntax set port alias port-string [name] Parameters port‐string Specifies the port to which an alias will be assigned. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐1. name (Optional) Assigns an alias name to the port. If the alias name contains spaces, the text string must be surrounded by double quotes. Maximum length is 60 characters.
show port speed For information about... Refer to page... show port duplex 4-11 set port duplex 4-15 show port speed Use this command to display the default speed setting on one or more ports. Syntax show port speed [port-string] Parameters port‐string (Optional) Displays default speed setting(s) for specific port(s). For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐1.
show port duplex Mode Switch command, read‐write. Example This example shows how to set fe.3.3 to a port speed of 10 Mbps: C3(su)->set port speed fe.3.3 10 show port duplex Use this command to display the default duplex setting (half or full) for one or more ports. Syntax show port duplex [port-string] Parameters port‐string (Optional) Displays default duplex setting(s) for specific port(s).
Enabling / Disabling Jumbo Frame Support Defaults None. Mode Switch command, read‐write. Example This example shows how to set Fast Ethernet port 17 in unit 1 to full duplex: C3(su)->set port duplex fe.1.17 full Enabling / Disabling Jumbo Frame Support Purpose To review, enable, and disable jumbo frame support on one or more ports. This allows Gigabit Ethernet ports to transmit frames up to 10 KB in size. Commands The commands used to review, enable and disable jumbo frame support are listed below.
show port jumbo Example This example shows how to display the status of jumbo frame support for ge.1.1: C3(su)->show port jumbo ge.1.1 Port Number Jumbo Status Max Frame Size ------------- --------------- -----------------ge.1.
set port jumbo set port jumbo Use this command to enable or disable jumbo frame support on one or more ports. Syntax set port jumbo {enable | disable} [port-string] Parameters enable | disable Enables or disables jumbo frame support. port‐string (Optional) Specifies the port(s) on which to disable or enable jumbo frame support. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐1.
Setting Auto-Negotiation and Advertised Ability Setting Auto-Negotiation and Advertised Ability Purpose To review, disable or enable auto‐negotiation, and to configure port advertisement for speed and duplex. During auto‐negotiation, the port “tells” the device at the other end of the segment what its capabilities and mode of operation are. If auto‐negotiation is disabled, the port reverts to the values specified by default speed, default duplex, and the port flow control commands.
set port negotiation Example This example shows how to display auto‐negotiation status for 1‐Gigabit Ethernet port 14 in unit 3: C3(su)->show port negotiation ge.3.14 auto-negotiation is enabled on port ge.3.14. set port negotiation Use this command to enable or disable auto‐negotiation on one or more ports. Syntax set port negotiation port-string {enable | disable} Parameters port‐string Specifies the port(s) for which to enable or disable auto‐negotiation.
set port advertise
Mode Switch command, read‐only.
Example This example shows how to display advertisement status for Gigabit ports 13 and 14:
C3(su)->show port advertise ge.1.13-14
ge.1.13         capability   advertised   remote
-------------------------------------------------
10BASE-T        yes          yes          yes
10BASE-TFD      yes          yes          yes
100BASE-TX      yes          yes          yes
100BASE-TXFD    yes          yes          yes
1000BASE-T      no           no           no
1000BASE-TFD    yes          yes          yes
pause           yes          yes          no
ge.1.
clear port advertise Mode Switch command, read‐write. Example This example shows how to configure port 1 to advertise 1000BASE‐T full duplex: C3(su)->set port advertise ge.1.1 1000tfd clear port advertise Use this command to configure a port to not advertise a specific speed/duplex capability when auto‐negotiating with another port. Syntax clear port advertise {port-string}{10t | 10tfd | 100tx | 100txfd | 1000t | 1000tfd | pause} Parameters port‐string Clear advertisements for specific port(s).
Setting Flow Control Setting Flow Control Purpose To review, enable or disable port flow control. Flow control is used to manage the transmission between two devices as specified by IEEE 802.3x to prevent receiving ports from being overwhelmed by frames from transmitting devices. Commands The commands used to review and set port flow control are listed below: For information about... Refer to page...
set flowcontrol set flowcontrol Use this command to enable or disable flow control. Syntax set flowcontrol {enable | disable} Parameters enable | disable Enables or disables flow control settings. Defaults None. Mode Switch command, read‐write. Example This example shows how to enable flow control: C3(su)->set flowcontrol enable Setting Port Link Traps and Link Flap Detection Purpose To disable or re‐enable link traps, display link trap status, and to configure the link flapping detection function.
Setting Port Link Traps and Link Flap Detection For information about... Refer to page...
show port trap show port trap Use this command to display whether the port is enabled for generating an SNMP trap message if its link state changes. Syntax show port trap [port-string] Parameters port‐string (Optional) Displays link trap status for specific port(s). For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐1. Defaults If port‐string is not specified, the trap status for all ports will be displayed.
Example
The following example disables sending traps on Fast Ethernet port 1 on unit 3.

C3(su)->set port trap fe.3.1 disable

show linkflap
Use this command to display link flap detection state and configuration information.
Usage
The linkflap default conditions are shown in the following table.
This example shows how to display the link flap metrics table:

C3(rw)->show linkflap metrics
Port     LinkStatus  CurrentCount TotalCount TimeElapsed Violations
-------- ----------- ------------ ---------- ----------- ----------
ge.1.1   operational 0            0          241437      0
ge.1.2   disabled    4            15         147         5
ge.1.3   operational 3            3          241402      0

Table 4-4 provides an explanation of the show linkflap metrics command output.

Table 4-4 show linkflap metrics Output Details
Output...    What it displays...
set linkflap portstate
Use this command to enable or disable link flap monitoring on one or more ports.

Syntax
set linkflap portstate {disable | enable} [port-string]

Parameters
disable | enable    Disables or enables the link flap detection function.
port-string         (Optional) Specifies the port or ports on which to disable or enable monitoring.

Defaults
If port-string is not specified, all ports are enabled or disabled.

Mode
Switch command, read-write.
set linkflap action
Use this command to set reactions to a link flap violation.

Syntax
set linkflap action port-string {disableInterface | gensyslogentry | gentrap | all}

Parameters
port-string         Specifies the port(s) on which to set the link flap action.
disableInterface    Sets the reaction as disabling the interface.
gensyslogentry      Sets the reaction as generating a syslog entry.
gentrap             Sets the reaction as generating an SNMP trap.
all                 Sets the reaction as all of the above.
Mode
Switch mode, read-write.

Example
This example shows how to clear the link flap violation action of generating a Syslog entry on port fe.1.4.

C3(rw)->clear linkflap action fe.1.4 gensyslogentry

set linkflap threshold
Use this command to set the link flap action trigger count.

Syntax
set linkflap threshold port-string threshold-value

Parameters
port-string    Specifies the port(s) on which to set the link flap action trigger count.
Mode
Switch mode, read-write.

Example
This example shows how to set the link flap downtime on port fe.1.4 to 5000 seconds.

C3(rw)->set linkflap downtime fe.1.4 5000

clear linkflap down
Use this command to toggle link flap disabled ports to operational.

Syntax
clear linkflap down [port-string]

Parameters
port-string    (Optional) Specifies the ports to make operational.

Defaults
If port-string is not specified, all ports disabled by a link flap violation will be made operational.
Defaults
If port-string is not specified, settings and/or statistics will be cleared on all ports.

Mode
Switch mode, read-write.

Example
This example shows how to clear all link flap options on port fe.1.4.

C3(rw)->clear linkflap all fe.1.4

Configuring Broadcast Suppression

Purpose
To review and set the broadcast suppression threshold for one or more ports. This feature limits the number of received broadcast frames the switch will accept per port.
Mode
Switch command, read-only.

Example
This example shows how to display the broadcast suppression thresholds for ports 1 through 4:

C3(su)->show port broadcast ge.1.1-4
Port      Total BC     Threshold
          Packets      (pkts/s)
----------------------------------------
ge.1.1    0            50
ge.1.2    0            50
ge.1.3    0            40
ge.1.4    0            14881

set port broadcast
Use this command to set the broadcast suppression threshold, in packets per second, on one or more ports.
Parameters
port-string    Select the ports for which to clear broadcast suppression thresholds. For a detailed description of possible port-string values, refer to “Port String Syntax Used in the CLI” on page 4-1.

Defaults
None.

Mode
Switch command, read-write.
Example
This example clears the broadcast threshold limit to 14881 pps for ports 1 through 5:

C3(su)->clear port broadcast ge.1.1-5 threshold

Port Mirroring

Caution: Port mirroring configuration should be performed only by personnel who are knowledgeable about the effects of port mirroring and its impact on network operation.
• All ports on the path from the source port to the remote destination must be members of the mirror VLAN.
• On switches on the path from the source port to the remote destination, egress tagging has to be enabled on potential egress ports for the mirror VLAN.

With the introduction of remote port mirroring:
• Configured mirror destination ports will NOT lose their switching or routing properties as they do on SecureStack A2, B2, or C2 products.
show port mirroring
Use this command to display the source and target ports for mirroring, and whether mirroring is currently enabled or disabled for those ports.

Syntax
show port mirroring

Parameters
None.

Defaults
None.

Mode
Switch command, read-only.

Example
This example shows how to display port mirroring information. In this case, fe.1.4 is configured as a source port and fe.1.
set port mirroring
Use this command to create a new mirroring relationship or to enable or disable an existing mirroring relationship between two ports.

Syntax
set port mirroring {create | disable | enable} source destination

Parameters
create | disable | enable    Creates, disables or enables mirroring settings on the specified ports.
source                       Specifies the source port designation. This is the port on which the traffic will be monitored.
clear port mirroring
Use this command to clear a port mirroring relationship.

Syntax
clear port mirroring source destination

Parameters
source         Specifies the source port of the mirroring configuration to be cleared. For a detailed description of possible port-string values, refer to “Port String Syntax Used in the CLI” on page 4-1.
destination    Specifies the target port of the mirroring configuration to be cleared.

Defaults
None.

Mode
Switch command, read-write.
Example
The following example assigns a VLAN for mirroring traffic and then shows the configured port mirroring with the show port mirroring command.

C3(su)->set mirror vlan 2
C3(su)->show port mirroring
Port Mirroring
==============
Source Port = ge.1.1
Target Port = ge.1.10
Frames Mirrored = Rx and Tx
Port Mirroring status enabled
Mirror Vlan = 2

clear mirror vlan
Use this command to clear the VLAN to be reserved for mirroring traffic.
them dynamically. Since the protocol is based on the IEEE 802.3ad specification, any switch from any vendor that supports this standard can aggregate links automatically. 802.3ad LACP aggregations can also be run to end-users (that is, a server) or to a router.

Note: Earlier (proprietary) implementations of port aggregation referred to groups of aggregated ports as "trunks".
Table 4-5 LACP Terms and Definitions (Continued)
Term      Definition
LAG       Link Aggregation Group. Once underlying physical ports (for example, fe.x.x, or ge.x.x) are associated with an aggregator port, the resulting aggregation will be represented as one LAG with a lag.x.x port designation. SecureStack C3 LAGs can have up to associated physical ports.
LACPDU    Link Aggregation Control Protocol Data Unit.
• There is no available aggregator for two or more ports with the same LAG ID. This can happen if there are simply no available aggregators, or if none of the aggregators have a matching admin key and system priority.
• 802.1X authentication is enabled using the set eapol command (page 21-21) and ports that would otherwise aggregate are not 802.1X authorized.

The LACP implementation on the SecureStack C3 device will allow up to physical ports into a LAG.
Parameters
port-string    (Optional) Displays LACP information for specific LAG port(s). Valid port designations are lag.0.1 - 6.

Defaults
If port-string is not specified, link aggregation information for all LAGs will be displayed.

Mode
Switch command, read-only.

Usage
Each SecureStack C3 module provides 6 virtual link aggregator ports, which are designated in the CLI as lag.0.1 through lag.0.6. Once underlying physical ports (that is, fe.x.x, ge.x.
Table 4-6 show lacp Output Details (Continued)
Output             What It Displays...
System Priority    System priority value which determines aggregation precedence. Only one LACP system priority can be set on a SecureStack C3 device, using either the set lacp asyspri command (page 4-44), or the set port lacp command (page 4-50).
Admin Key          Port’s assigned key. SecureStack C3 devices provide a default admin key value of 32768 for all LAG ports (lag.0.1 through lag.0.6).
set lacp asyspri
Use this command to set the LACP system priority.

Syntax
set lacp asyspri value

Parameters
asyspri    Sets the system priority to be used in creating a LAG (Link Aggregation Group) ID. Valid values are 0 to 65535.
value      Specifies a system priority value. Valid values are 0 to 65535, with precedence given to lower values.

Defaults
None.

Mode
Switch command, read-write.

Usage
LACP uses this value to determine aggregation precedence.
Usage
LACP will use this value to form an oper key. Only underlying physical ports with oper keys matching those of their aggregators will be allowed to aggregate. The default admin key value for all LAG ports is 32768.

Example
This example shows how to set the LACP admin key to 2000 for LAG port 6:

C3(su)->set lacp aadminkey lag.0.6 2000

clear lacp
Use this command to clear LACP system priority or admin key settings.
set lacp static
Use this command to disable or enable static link aggregation, or to assign one or more underlying physical ports to a Link Aggregation Group (LAG).

Syntax
set lacp static {disable | enable} | lagportstring [key] port-string

Parameters
disable | enable    Disables or enables static link aggregation.
lagportstring       Specifies the LAG aggregator port to which new ports will be assigned.
key                 (Optional) Specifies the new member port and LAG port aggregator admin key value.
Defaults
None.

Mode
Switch command, read-write.

Example
This example shows how to remove fe.1.6 from the LAG of aggregator port 6:

C3(su)->clear lacp static lag.0.6 fe.1.6

set lacp singleportlag
Use this command to enable or disable the formation of single port LAGs.

Syntax
set lacp singleportlag {enable | disable}

Parameters
disable | enable    Enables or disables the formation of single port LAGs.

Defaults
None.

Mode
Switch command, read-write.
clear lacp singleportlag
Use this command to reset the single port LAG function back to the default state of disabled.

Syntax
clear lacp singleportlag

Parameters
None.

Defaults
None.

Mode
Switch command, read-write.

Example
This example shows how to reset the single port LAG function back to disabled:

C3(su)->clear lacp singleportlag

show port lacp
Use this command to display link aggregation information for one or more underlying physical ports.
• E = Expired
• F = Defaulted
• D = Distributing (tx enabled)
• C = Collecting (rx enabled)
• S = Synchronized (actor and partner agree)
• G = Aggregation allowed
• S/l = Short/Long LACP timeout
• A/p = Active/Passive LACP

For more information about these states, refer to set port lacp (page 4-50) and the IEEE 802.3 2002 specification.

Examples
This example shows how to display detailed LACP status information for port fe.1.12:

C3(su)-> show port lacp port fe.1.
set port lacp
Use this command to set link aggregation parameters for one or more ports. These settings will determine the specified underlying physical ports’ ability to join a LAG, and their administrative state once aggregated.
padminport padminport          Sets a default value to use as the port’s partner admin value. Valid values are 1 - 65535.
padminportpri padminportpri    Sets a default value to use as the port’s partner port priority. Valid values are 0 - 65535, with lower values given higher priority.
padminstate lacpactive | lacptimeout | lacpagg | lacpsync | lacpcollect | lacpdist | lacpdef | lacpexpire    Sets a port’s partner LACP administrative state. See aadminstate for valid options.
clear port lacp
Use this command to clear link aggregation settings for one or more ports.
Configuring Protected Ports

The Protected Port feature is used to prevent ports from forwarding traffic to each other, even when they are on the same VLAN. Ports may be designated as either protected or unprotected. Ports are unprotected by default. Multiple groups of protected ports are supported.

Protected Port Operation
Ports that are configured to be protected cannot forward traffic to other protected ports in the same group, regardless of having the same VLAN membership.
set port protected
Use this command to specify a port to be protected and assign the port to a group of protected ports. A port can be assigned to only one group.

Syntax
set port protected port-string group-id

Parameters
port-string    Specifies the port or ports to be protected.
group-id       Specifies the id of the group to which the ports should be assigned. Id can range from 0 to 2.

Defaults
None.

Mode
Switch command, read-write.

Example
This example shows how to assign ports ge.1.
Example
This example shows how to display information about all protected ports:

C3(ro)->show port protected
Group id     Port
----------------------
1            ge.1.1
1            ge.1.2
1            ge.1.3

clear port protected
Use this command to remove a port or group from protected mode.

Syntax
clear port protected [port-string] | [group-id]

Parameters
port-string    (Optional) Specifies the port or ports to remove from protected mode.
group-id       (Optional) Specifies the id of the group to remove from protected mode.
set port protected name
Use this command to assign a name to a protected port group id.

Syntax
set port protected name group-id name

Parameters
group-id    Specifies the id of this group. Id can range from 0 to 2.
name        Specifies a name for the group. The name can be up to 32 characters in length.

Defaults
None.

Mode
Switch command, read-write.
clear port protected name
Use this command to clear the name of a protected group.

Syntax
clear port protected name group-id

Parameters
group-id    Specifies the id of the group for which to clear the name. Id can range from 0 to 2.

Defaults
None.

Mode
Switch command, read-write.
5 SNMP Configuration

This chapter describes the Simple Network Management Protocol (SNMP) set of commands and how to use them.

For information about...    Refer to page...
• SNMP network management applications, such as Enterasys Networks’ NetSight Atlas, which communicate with agents to get statistics and alerts from the managed devices.

SNMPv3
SNMPv3 is an interoperable standards-based protocol that provides secure access to devices by authenticating and encrypting frames over the network. The advanced security features provided in SNMPv3 are as follows:
– Message integrity — Collects data securely without being tampered with or corrupted.
Table 5-1 SNMP Security Levels (Continued)
Model   Security Level   Authentication   Encryption   How It Works
v3      NoAuthNoPriv     User name        None         Uses a user name match for authentication.
        AuthNoPriv       MD5 or SHA       None         Provides authentication based on the HMAC-MD5 or HMAC-SHA algorithms.
        authPriv         MD5 or SHA       DES          Provides authentication based on the HMAC-MD5 or HMAC-SHA algorithms.
Reviewing SNMP Statistics

Purpose
To review SNMP statistics.

Commands
The commands used to review SNMP statistics are listed below.

For information about...    Refer to page...
show snmp engineid          5-4
show snmp counters          5-5

show snmp engineid
Use this command to display the SNMP local engine ID. This is the SNMP v3 engine’s administratively unique identifier.

Syntax
show snmp engineid

Parameters
None.

Defaults
None.

Mode
Switch command, read-only.
Table 5-2 show snmp engineid Output Details (Continued)
Output          What It Displays...
Engine Time     Time in seconds since last reboot.
Max Msg Size    Maximum accepted length, in bytes, of SNMP frame.

show snmp counters
Use this command to display SNMP traffic counter values.

Syntax
show snmp counters

Parameters
None.

Defaults
None.

Mode
Switch command, read-only.
snmpOutTraps                 = 0
snmpSilentDrops              = 0
snmpProxyDrops               = 0

--- USM Stats counters:
usmStatsUnsupportedSecLevels = 0
usmStatsNotInTimeWindows     = 0
usmStatsUnknownUserNames     = 0
usmStatsUnknownEngineIDs     = 0
usmStatsWrongDigests         = 0
usmStatsDecryptionErrors     = 0

Table 5-3 shows a detailed explanation of the command output.

Table 5-3 show snmp counters Output Details
Output        What It Displays...
snmpInPkts    Number of messages delivered to the SNMP entity from the transport service.
Table 5-3 show snmp counters Output Details (Continued)
Output                What It Displays...
snmpInGetResponses    Number of SNMP Get-Response PDUs accepted and processed by the SNMP protocol entity.
snmpInTraps           Number of SNMP Trap PDUs accepted and processed by the SNMP protocol entity.
snmpOutTooBigs        Number of SNMP PDUs generated by the SNMP protocol entity with the value of the error-status field as "tooBig.
Configuring SNMP Users, Groups, and Communities

Purpose
To review and configure SNMP users, groups, and v1 and v2 communities. These are defined as follows:
• User — A person registered in SNMPv3 to access SNMP management.
• Group — A collection of users who share the same SNMP access privileges.
• Community — A name used to authenticate SNMPv1 and v2 users.
show snmp user
Use this command to display information about SNMP users. These are people registered to access SNMP management.

Syntax
show snmp user [list] | [user] | [remote remote] [volatile | nonvolatile | readonly]

Parameters
list             (Optional) Displays a list of registered SNMP user names.
user             (Optional) Displays information about a specific user.
remote remote    (Optional) Displays information about users on a specific remote SNMP engine.
Table 5-4 show snmp user Output Details
Output              What It Displays...
EngineId            SNMP local engine identifier.
Username            SNMPv1 or v2 community name or SNMPv3 user name.
Auth protocol       Type of authentication protocol applied to this user.
Privacy protocol    Whether a privacy protocol is applied when authentication protocol is in use.
Storage type        Whether entry is stored in volatile, nonvolatile or read-only memory.
Row status          Status of this entry: active, notInService, or notReady.
clear snmp user
Use this command to remove a user from the SNMPv3 security-model list.

Syntax
clear snmp user user [remote remote]

Parameters
user             Specifies an SNMPv3 user to remove.
remote remote    (Optional) Removes the user from a specific remote SNMP engine.

Defaults
If remote is not specified, the user will be removed from the local SNMP engine.

Mode
Switch command, read-write.
Mode
Switch command, read-only.

Example
This example shows how to display SNMP group information:

C3(su)->show snmp group
--- SNMP group information ---
Security model     = SNMPv1
Security/user name = public
Group name         = Anyone
Storage type       = nonVolatile
Row status         = active

Security model     = SNMPv1
Security/user name = public.router1
Group name         = Anyone
Storage type       = nonVolatile
Row status         = active

Table 5-5 shows a detailed explanation of the command output.
Mode
Switch command, read-write.

Example
This example shows how to create an SNMP group called “anyone”, assign a user named “public” and assign SNMPv3 security to the group:

C3(su)->set snmp group anyone user public security-model usm

clear snmp group
Use this command to clear SNMP group settings globally or for a specific SNMP group and user.

Syntax
clear snmp group groupname user [security-model {v1 | v2c | usm}]

Parameters
groupname    Specifies the SNMP group to be cleared.
Mode
Switch command, read-only.

Example
This example shows how to display information about the SNMP “public” community name. For a description of this output, refer to set snmp community (page 5-14).

C3(su)->show snmp community public
--- Configured community strings ---
Name          = public
Security name = public
Context       =
Transport tag =
Storage type  = nonVolatile
Status        = active

set snmp community
Use this command to configure an SNMP community group.
Example
This example shows how to set an SNMP community name called “vip”:

C3(su)->set snmp community vip

clear snmp community
Use this command to delete an SNMP community name.

Syntax
clear snmp community name

Parameters
name    Specifies the SNMP community name to clear.

Defaults
None.

Mode
Switch command, read-write.

Example
This example shows how to delete the community name “vip.
Configuring SNMP Access Rights

Purpose
To review and configure SNMP access rights, assigning viewing privileges and security levels to SNMP user groups.

Commands
The commands used to review and configure SNMP access are listed below.

For information about...    Refer to page...
show snmp access            5-16
set snmp access             5-18
clear snmp access           5-19

show snmp access
Use this command to display access rights and security levels configured for one or more SNMP groups.
If volatile, nonvolatile or read-only are not specified, all entries of all storage types will be displayed.

Mode
Switch command, read-only.
set snmp access
Use this command to set an SNMP access configuration.

Syntax
set snmp access groupname security-model {v1 | v2c | usm} [noauthentication | authentication | privacy] [context context] [exact | prefix] [read read] [write write] [notify notify] [volatile | nonvolatile]

Parameters
groupname                        Specifies a name for an SNMPv3 group.
security-model v1 | v2c | usm    Specifies SNMP version 1, 2c or 3 (usm).
clear snmp access
Use this command to clear the SNMP access entry of a specific group, including its set SNMP security-model, and level of security.

Syntax
clear snmp access groupname security-model {v1 | v2c | usm} [noauthentication | authentication | privacy] [context context]

Parameters
groupname                        Specifies the name of the SNMP group for which to clear access.
security-model v1 | v2c | usm    Specifies the security model to be cleared for the SNMP access group.
Configuring SNMP MIB Views

Purpose
To review and configure SNMP MIB views. SNMP views map SNMP objects to access rights.

Commands
The commands used to review and configure SNMP MIB views are listed below.

For information about...    Refer to page...
show snmp view              5-20
show snmp context           5-22
set snmp view               5-23
clear snmp view             5-24

show snmp view
Use this command to display the MIB configuration for SNMPv3 view-based access (VACM).
Storage type = nonVolatile
Row status   = active

View Name    = All
Subtree OID  = 0.0
Subtree mask =
View Type    = included
Storage type = nonVolatile
Row status   = active

View Name    = Network
Subtree OID  = 1.3.6.1.2.1
Subtree mask =
View Type    = included
Storage type = nonVolatile
Row status   = active

Table 5-7 provides an explanation of the command output. For details on using the set snmp view command to assign variables, refer to “set snmp view” on page 5-23.
show snmp context
Use this command to display the context list configuration for SNMP’s view-based access control.

Syntax
show snmp context

Parameters
None.

Defaults
None.

Mode
Switch command, read-only.

Usage
An SNMP context is a collection of management information that can be accessed by an SNMP agent or entity. The default context allows all SNMP agents to access all management information (MIBs).
set snmp view
Use this command to set a MIB configuration for SNMPv3 view-based access (VACM).

Syntax
set snmp view viewname viewname subtree subtree [mask mask] [included | excluded] [volatile | nonvolatile]

Parameters
viewname viewname      Specifies a name for a MIB view.
subtree subtree        Specifies a MIB subtree name.
mask mask              (Optional) Specifies a bitmask for a subtree.
included | excluded    (Optional) Specifies subtree use (default) or no subtree use.
clear snmp view
Use this command to delete an SNMPv3 MIB view.

Syntax
clear snmp view viewname subtree

Parameters
viewname    Specifies the MIB view name to be deleted.
subtree     Specifies the subtree name of the MIB view to be deleted.

Defaults
None.

Mode
Switch command, read-write.

Example
This example shows how to delete SNMP MIB view “public”:

C3(su)->clear snmp view public 1.3.6.
Configuring SNMP Target Parameters

Purpose
To review and configure SNMP target parameters. This controls where and under what circumstances SNMP notifications will be sent. A target parameter entry can be bound to a target IP address allowed to receive SNMP notification messages with the set snmp targetaddr command (“set snmp targetaddr” on page 5-30).

Commands
The commands used to review and configure SNMP target parameters are listed below.

For information about...
Storage type          = nonVolatile
Row status            = active

Target Parameter Name = v2cExampleParams
Security Name         = public
Message Proc. Model   = SNMPv2c
Security Level        = noAuthNoPriv
Storage type          = nonVolatile
Row status            = active

Target Parameter Name = v3ExampleParams
Security Name         = CharlieDChief
Message Proc. Model   = USM
Security Level        = authNoPriv
Storage type          = nonVolatile
Row status            = active

Table 5-8 shows a detailed explanation of the command output.
set snmp targetparams
Use this command to set SNMP target parameters, a named set of security/authorization criteria used to generate a message to a target.

Syntax
set snmp targetparams paramsname user user security-model {v1 | v2c | usm} messageprocessing {v1 | v2c | v3} [noauthentication | authentication | privacy] [volatile | nonvolatile]

Parameters
paramsname    Specifies a name identifying parameters used to generate SNMP messages to a particular target.
clear snmp targetparams
Use this command to clear the SNMP target parameter configuration.

Syntax
clear snmp targetparams targetParams

Parameters
targetParams    Specifies the name of the parameter in the SNMP target parameters table to be cleared.

Defaults
None.

Mode
Switch command, read-write.
Configuring SNMP Target Addresses

Purpose
To review and configure SNMP target addresses which will receive SNMP notification messages. An address configuration can be linked to optional SNMP transmit, or target, parameters (such as timeout, retry count, and UDP port) set with the set snmp targetparams command (page 5-27).

Commands
The commands used to review and configure SNMP target addresses are listed below.

For information about...    Refer to page...
Parameters   = v2cParams
Storage type = nonVolatile
Row status   = active

Table 5-9 shows a detailed explanation of the command output.

Table 5-9 show snmp targetaddr Output Details
Output                 What It Displays...
Target Address Name    Unique identifier in the snmpTargetAddressTable.
Tag List               Tags a location to the target address as a place to send notifications.
IP Address             Target IP address.
UDP Port#              Number of the UDP port of the target host to use.
taglist taglist           (Optional) Specifies a list of SNMP notify tag values. This tags a location to the target address as a place to send notifications. List must be enclosed in quotes and tag values must be separated by a space (for example, “tag 1 tag 2”).
volatile | nonvolatile    (Optional) Specifies temporary (default), or permanent storage for SNMP entries.

Defaults
If not specified, udpport will be set to 162.
If not specified, mask will be set to 255.255.255.
Example
This example shows how to clear SNMP target address entry “tr”:

C3(su)->clear snmp targetaddr tr
Configuring SNMP Notification Parameters

About SNMP Notify Filters
Profiles indicating which targets should not receive SNMP notification messages are kept in the NotifyFilter table. If this table is empty, meaning that no filtering is associated with any SNMP target, then no filtering will take place. “Traps” or “informs” notifications will be sent to all destinations in the SNMP targetAddrTable that have tags matching those found in the NotifyTable.
show newaddrtrap
Use this command to display the global and port-specific status of the SNMP new MAC addresses trap function.

Syntax
show newaddrtrap [port-string]

Parameters
port-string    (Optional) Displays the status of the new MAC addresses trap function on specific ports.

Defaults
If port-string is not specified, the status of the new MAC addresses trap function will be displayed for all ports.

Mode
Switch command, read-only.
set newaddrtrap
Use this command to enable or disable SNMP trap messaging, globally or on one or more ports, when new source MAC addresses are detected.

Syntax
set newaddrtrap [port-string] { enable | disable }

Parameters
port-string         (Optional) Enable or disable the new MAC addresses trap function on specific ports.
enable | disable    Enable or disable the new MAC addresses trap function. If entered without the port-string parameter, enables or disables the function globally.
show snmp notify
Use this command to display the SNMP notify configuration, which determines which management targets will receive SNMP notifications.

Syntax
show snmp notify [notify] [volatile | nonvolatile | read-only]

Parameters
notify                                (Optional) Displays notify entries for a specific notify name.
volatile | nonvolatile | read-only    (Optional) Displays notify entries for a specific storage type.

Defaults
If a notify name is not specified, all entries will be displayed.
set snmp notify
Use this command to set the SNMP notify configuration. This creates an entry in the SNMP notify table, which is used to select management targets that should receive notification messages. This command’s tag parameter can be used to bind each entry to a target address using the set snmp targetaddr command (“set snmp targetaddr” on page 5-30).

Syntax
set snmp notify notify tag tag [trap | inform] [volatile | nonvolatile]

Parameters
notify    Specifies an SNMP notify name.
clear snmp notify
Use this command to clear an SNMP notify configuration.

Syntax
clear snmp notify notify

Parameters
notify    Specifies an SNMP notify name to clear.

Defaults
None.

Mode
Switch command, read-write.

Example
This example shows how to clear the SNMP notify configuration for “hello”:

C3(su)->clear snmp notify hello

show snmp notifyfilter
Use this command to display SNMP notify filter information, identifying which profiles will not receive SNMP notifications.
Example
This example shows how to display SNMP notify filter information. In this case, the notify profile “pilot1” in subtree 1.3.6 will not receive SNMP notification messages:

C3(su)->show snmp notifyfilter
--- SNMP notifyFilter information ---
Profile      = pilot1
Subtree      = 1.3.6
Filter type  = included
Storage type = nonVolatile
Row status   = active

set snmp notifyfilter
Use this command to create an SNMP notify filter configuration.
clear snmp notifyfilter
Use this command to delete an SNMP notify filter configuration.

Syntax
clear snmp notifyfilter profile subtree oid-or-mibobject

Parameters
profile                     Specifies an SNMP filter notify name to delete.
subtree oid-or-mibobject    Specifies a MIB subtree ID containing the filter to be deleted.

Defaults
None.

Mode
Switch command, read-write.
Example: This example shows how to display SNMP notify information for the profile named “area51”:
C3(su)->show snmp notifyprofile area51
--- SNMP notifyProfile information ---
Notify Profile = area51
TargetParam = v3ExampleParams
Storage type = nonVolatile
Row status = active

set snmp notifyprofile
Use this command to create an SNMP notify filter profile configuration.

clear snmp notifyprofile
Use this command to delete an SNMP notify profile configuration.
Syntax: clear snmp notifyprofile profile targetparam targetparam
Parameters:
profile: Specifies an SNMP filter notify name to delete.
targetparam targetparam: Specifies an associated entry in the snmpTargetParamsTable.
Defaults: None.
Mode: Switch command, read-write.

Creating a Basic SNMP Trap Configuration
Traps are notification messages sent by an SNMPv1 or v2 agent to a network management station, a console, or a terminal to indicate the occurrence of a significant event, such as when a port or device goes up or down, when there are authentication failures, and when power supply errors occur.
This trap notification will be sent with the community name mgmt to the workstation 192.168.190.80 (which is target address tr). It will use security and authorization criteria contained in a target parameters entry called v2cExampleParams.
C3(su)->set snmp community mgmt
C3(su)->set snmp targetparams v2cExampleParams user mgmt security-model v2c message-processing v2c
C3(su)->set snmp notify entry1 tag TrapSink
C3(su)->set snmp targetaddr tr 192.168.190.

6 Spanning Tree Configuration
This chapter describes the Spanning Tree Configuration set of commands and how to use them.
For information about:
Spanning Tree Configuration Summary
Reviewing and Setting Spanning Tree Bridge Parameters
Reviewing and Setting Spanning Tree Port Parameters
Caution: Spanning Tree configuration should be performed only by personnel who are very knowledgeable about Spanning Trees and the configuration of the Spanning Tree Algorithm.

Spanning Tree Configuration Summary
only if the forwarding link goes down. MSTP assigns each VLAN present on the network to a particular Spanning Tree instance, allowing each switch port to be in a distinct state for each such instance: blocking for one Spanning Tree while forwarding for another. Thus, traffic associated with one set of VLANs can traverse a particular inter-switch link, while traffic associated with another set of VLANs can be blocked on that link.

Reviewing and Setting Spanning Tree Bridge Parameters
Purpose: To display and set Spanning Tree bridge parameters, including device priorities, hello time, maximum wait time, forward delay, path cost, and topology change trap suppression.
Commands: The commands used to review and set Spanning Tree bridge parameters are listed below.

show spantree stats
Use this command to display Spanning Tree information for one or more ports.
Syntax: show spantree stats [port port-string] [sid sid] [active]
Parameters:
port port-string: (Optional) Displays information for the specified port(s). For a detailed description of possible port-string values, refer to “Port String Syntax Used in the CLI” on page 4-1.
sid sid: (Optional) Displays information for a specific Spanning Tree identifier. If not specified, SID 0 is assumed.
Table 6-1 show spantree Output Details
Output: What It Displays...
Spanning tree instance: Spanning Tree ID.
Spanning tree status: Whether Spanning Tree is enabled or disabled.
Designated Root MacAddr: MAC address of the designated Spanning Tree root bridge.
Designated Root Port: Port through which the root bridge can be reached.
Designated Root Priority: Priority of the designated root bridge.
Designated Root Cost: Total path cost to reach the root.

set spantree
Use this command to globally enable or disable the Spanning Tree protocol on the switch.
Syntax: set spantree {disable | enable}
Parameters:
disable | enable: Globally disables or enables Spanning Tree.
Defaults: None.
Mode: Switch command, read-write.
Example: This example shows how to disable Spanning Tree on the device:
C3(su)->set spantree disable

show spantree version
Use this command to display the current version of the Spanning Tree protocol running on the device.

set spantree version
Use this command to set the version of the Spanning Tree protocol to MSTP (Multiple Spanning Tree Protocol), RSTP (Rapid Spanning Tree Protocol) or to STP 802.1D-compatible.
Syntax: set spantree version {mstp | stpcompatible | rstp}
Parameters:
mstp: Sets the version to STP 802.1s-compatible.
stpcompatible: Sets the version to STP 802.1D-compatible.
rstp: Sets the version to 802.1w-compatible.
Defaults: None.
Mode: Switch command, read-write.
Example: This example shows how to reset the Spanning Tree version:
C3(su)->clear spantree version

show spantree bpdu-forwarding
Use this command to display the Spanning Tree BPDU forwarding mode.
Syntax: show spantree bpdu-forwarding
Parameters: None.
Defaults: None.
Mode: Switch command, read-only.
Example: This example shows how to display the Spanning Tree BPDU forwarding mode:
C3(su)->show spantree bpdu-forwarding
BPDU forwarding is disabled.
Example: This example shows how to enable BPDU forwarding:
C3(rw)-> set spantree bpdu-forwarding enable

show spantree bridgeprioritymode
Use this command to display the Spanning Tree bridge priority mode setting.
Syntax: show spantree bridgeprioritymode
Parameters: None.
Defaults: None.
Mode: Switch command, read-only.
Usage: The mode affects the range of priority values used to determine which device is selected as the Spanning Tree root as described in set spantree priority (“set spantree priority” on page 6-17). The default for the switch is to use 802.1t bridge priority mode.
Example: This example shows how to set the bridge priority mode to 802.
Example: This example shows how to display a list of MST instances. In this case, SID 2 has been configured:
C3(su)->show spantree mstilist
Configured Multiple Spanning Tree instances: 2

set spantree msti
Use this command to create or delete a Multiple Spanning Tree instance.
Syntax: set spantree msti sid sid {create | delete}
Parameters:
sid sid: Sets the Multiple Spanning Tree ID. Valid values are 1 - 4094. SecureStack C3 devices will support up to 4 MST instances.
Example: This example shows how to delete all MST instances:
C3(su)->clear spantree msti

show spantree mstmap
Use this command to display the mapping of a filtering database ID (FID) to a Spanning Tree. Since VLANs are mapped to FIDs, this shows to which SID a VLAN is mapped.
Syntax: show spantree mstmap [fid fid]
Parameters:
fid fid: (Optional) Displays information for specific FIDs.
Defaults: If fid is not specified, information for all assigned FIDs will be displayed.
Mode: Switch command, read-write.
Example: This example shows how to map FID 3 to SID 2:
C3(su)->set spantree mstmap 3 sid 2

clear spantree mstmap
Use this command to map a FID back to SID 0.
Syntax: clear spantree mstmap fid
Parameters:
fid: Specifies one or more FIDs to reset to 0.
Defaults: If fid is not specified, all SID to FID mappings will be reset.
Mode: Switch command, read-write.
Example: This example shows how to display the SIDs mapped to VLAN 1. In this case, SIDs 2, 16 and 42 are mapped to VLAN 1.

set spantree mstcfgid
Use this command to set the MST configuration name and/or revision level.
Syntax: set spantree mstcfgid {cfgname name | rev level}
Parameters:
cfgname name: Specifies an MST configuration name.
rev level: Specifies an MST revision level. Valid values are 0 - 65535.
Defaults: None.
Mode: Switch command, read-write.

set spantree priority
Use this command to set the device’s Spanning Tree priority.
Syntax: set spantree priority priority [sid]
Parameters:
priority: Specifies the priority of the bridge. Valid values are from 0 to 61440 (in increments of 4096), with 0 indicating highest priority and 61440 lowest priority.
sid: (Optional) Sets the priority on a specific Spanning Tree. Valid values are 0 - 4094. If not specified, SID 0 is assumed.
Example: This example shows how to reset the bridge priority on SID 1:
C3(su)->clear spantree priority 1

set spantree hello
Use this command to set the device’s Spanning Tree hello time. This is the time interval (in seconds) at which the device will transmit BPDUs indicating it is active.
Syntax: set spantree hello interval
Parameters:
interval: Specifies the number of seconds the system waits before broadcasting a bridge hello message (a multicast message indicating that the system is active).

set spantree maxage
Use this command to set the bridge maximum aging time.
Syntax: set spantree maxage agingtime
Parameters:
agingtime: Specifies the maximum number of seconds that the system retains the information received from other bridges through STP. Valid values are 6 - 40.
Defaults: None.
Mode: Switch command, read-write.
Example: This example shows how to globally reset the maximum aging time:
C3(su)->clear spantree maxage

set spantree fwddelay
Use this command to set the Spanning Tree forward delay.
Syntax: set spantree fwddelay delay
Parameters:
delay: Specifies the number of seconds for the bridge forward delay. Valid values are 4 - 30.
Defaults: None.
Mode: Switch command, read-write.
Usage: The forward delay is the maximum time (in seconds) the root device will wait before changing states (i.e.
Mode: Switch command, read-write.
Example: This example shows how to globally reset the bridge forward delay:
C3(su)->clear spantree fwddelay

show spantree backuproot
Use this command to display the backup root status for an MST instance.
Syntax: show spantree backuproot [sid]
Parameters:
sid: (Optional) Display backup root status for a specific Spanning Tree identifier. Valid values are 0 - 4094. If not specified, SID 0 is assumed.
Mode: Switch command, read-write.
Usage: The Spanning Tree backup root function is disabled by default on the SecureStack C3. When this feature is enabled and the switch is directly connected to the root bridge, stale Spanning Tree information is prevented from circulating if the root bridge is lost. If the root bridge is lost, the backup root will dynamically lower its bridge priority so that it will be selected as the new root over the lost root bridge.
Defaults: None.
Mode: Switch command, read-only.
Example: This example shows how to display the status of topology change trap suppression:
C3(rw)->show spantree tctrapsuppress
Topology change Trap Suppression is set to enabled

set spantree tctrapsuppress
Use this command to disable or enable topology change trap suppression on Rapid Spanning Tree edge ports.

clear spantree tctrapsuppress
Use this command to clear the status of topology change trap suppression on Rapid Spanning Tree edge ports to the default state of enabled (edge port topology changes do not generate traps).
Syntax: clear spantree tctrapsuppress
Parameters: None.
Defaults: None.
Mode: Switch command, read-write.

show spantree spanguard
Use this command to display the status of the Spanning Tree span guard function.
Syntax: show spantree spanguard
Parameters: None.
Defaults: None.
Mode: Switch command, read-only.
Example: This example shows how to display the span guard function status:
C3(su)->show spantree spanguard
Spanguard is disabled

set spantree spanguard
Use this command to enable or disable the Spanning Tree span guard function.
spanguardtimeout (“set spantree spanguardtimeout” on page 6-27) has passed since the last seen BPDU, the port is manually unlocked (set or clear spantree spanguardlock, “clear / set spantree spanguardlock” on page 6-28), the configuration of the port is changed so it is no longer an edge port, or the span guard function is disabled. Span guard is enabled and disabled only on a global basis across the stack. By default, span guard is disabled and span guard traps are enabled.
Example: This example shows how to display the span guard timeout setting:
C3(su)->show spantree spanguardtimeout
Spanguard timeout: 300

set spantree spanguardtimeout
Use this command to set the amount of time (in seconds) an edge port will remain locked by the span guard function.
Syntax: set spantree spanguardtimeout timeout
Parameters:
timeout: Specifies a timeout value in seconds. Valid values are 0 to 65535. A value of 0 will keep the port locked until manually unlocked.
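
The span guard lock and unlock conditions described above, modelled as an added Python example (not Enterasys code). It assumes the lock trigger, which is cut off on this page, is a BPDU received on an edge port while span guard is enabled; the class and method names are hypothetical.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

DEFAULT_TIMEOUT = 300  # seconds, the value "clear spantree spanguardtimeout" restores


@dataclass
class EdgePort:
    name: str
    admin_edge: bool = True          # set spantree adminedge
    locked: bool = False
    last_bpdu: Optional[float] = None


class SpanGuard:
    """Toy model of the span guard lock state (names are hypothetical)."""

    def __init__(self, enabled: bool = False, timeout: int = DEFAULT_TIMEOUT):
        self.ports: Dict[str, EdgePort] = {}
        self.enabled = enabled       # span guard is disabled by default
        self.set_timeout(timeout)

    def set_timeout(self, seconds: int) -> None:
        if not 0 <= seconds <= 65535:
            raise ValueError("timeout must be 0 to 65535 seconds")
        self.timeout = seconds

    def add_port(self, name: str, admin_edge: bool = True) -> EdgePort:
        self.ports[name] = EdgePort(name, admin_edge)
        return self.ports[name]

    def receive_bpdu(self, name: str, now: float) -> bool:
        """Assumed trigger: a BPDU on an edge port locks it. Returns lock state."""
        port = self.ports[name]
        if self.enabled and port.admin_edge:
            port.locked = True
            port.last_bpdu = now     # every BPDU restarts the timeout
        return port.locked

    def tick(self, now: float) -> List[str]:
        """Unlock ports whose timeout has passed since the last seen BPDU."""
        released = []
        for port in self.ports.values():
            if not port.locked or self.timeout == 0:
                continue             # timeout 0: locked until manually unlocked
            if now - port.last_bpdu >= self.timeout:
                port.locked = False
                released.append(port.name)
        return released

    def manual_unlock(self, name: str) -> None:   # clear spantree spanguardlock
        self.ports[name].locked = False

    def set_admin_edge(self, name: str, edge: bool) -> None:
        port = self.ports[name]
        port.admin_edge = edge
        if not edge:                 # no longer an edge port: lock is released
            port.locked = False

    def set_enabled(self, enabled: bool) -> None:
        self.enabled = enabled
        if not enabled:              # disabling span guard releases every lock
            for port in self.ports.values():
                port.locked = False


def demo() -> dict:
    """Constructed scenario: a device sending BPDUs sits on user port ge.1.16."""
    guard = SpanGuard(enabled=True)
    guard.add_port("ge.1.16")
    guard.add_port("ge.1.1", admin_edge=False)    # inter-switch link
    results = {
        "edge_locked": guard.receive_bpdu("ge.1.16", now=0),
        "uplink_locked": guard.receive_bpdu("ge.1.1", now=0),
    }
    guard.receive_bpdu("ge.1.16", now=200)        # BPDUs keep arriving
    results["released_at_300"] = guard.tick(now=300)
    results["released_at_500"] = guard.tick(now=500)
    guard.set_timeout(0)
    guard.receive_bpdu("ge.1.16", now=600)
    results["released_with_timeout_0"] = guard.tick(now=100000)
    guard.manual_unlock("ge.1.16")
    results["locked_after_manual_unlock"] = guard.ports["ge.1.16"].locked
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The timeout is measured from the last seen BPDU, so a port that keeps receiving BPDUs stays locked past the first 300 seconds.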
Example: This example shows how to reset the span guard timeout to 300 seconds:
C3(rw)->clear spantree spanguardtimeout

show spantree spanguardlock
Use this command to display the span guard lock status of one or more ports.
Syntax: show spantree spanguardlock [port-string]
Parameters:
port-string: (Optional) Specifies the port(s) for which to show span guard lock status.
Example: This example shows how to unlock port ge.1.16:
C3(rw)->clear spantree spanguardlock ge.1.16

show spantree spanguardtrapenable
Use this command to display the state of the Spanning Tree span guard trap function.
Syntax: show spantree spanguardtrapenable
Parameters: None.
Defaults: None.
Mode: Switch command, read-only.

clear spantree spanguardtrapenable
Use this command to reset the Spanning Tree span guard trap function back to the default state of enabled.
Syntax: clear spantree spanguardtrapenable
Parameters: None.
Defaults: None.
Mode: Switch command, read-write.

set spantree legacypathcost
Use this command to enable or disable legacy (802.1D) path cost values.
Syntax: set spantree legacypathcost {disable | enable}
Parameters:
disable: Use 802.1t2001 values to calculate path cost.
enable: Use 802.1d1998 values to calculate path cost.
Defaults: None.
Mode: Switch command, read-write.
Usage: By default, legacy path cost is disabled.

Reviewing and Setting Spanning Tree Port Parameters
Purpose: To display and set Spanning Tree port parameters.
Commands: The commands used to review and set Spanning Tree port parameters are listed below.

set spantree portadmin
Use this command to disable or enable the Spanning Tree algorithm on one or more ports.
Syntax: set spantree portadmin port-string {disable | enable}
Parameters:
port-string: Specifies the port(s) for which to enable or disable Spanning Tree. For a detailed description of possible port-string values, refer to “Port String Syntax Used in the CLI” on page 4-1.
disable | enable: Disables or enables Spanning Tree.
Defaults: None.
Mode: Switch command, read-write.

show spantree portadmin
Use this command to display the status of the Spanning Tree algorithm on one or more ports.
Syntax: show spantree portadmin [port port-string]
Parameters:
port port-string: (Optional) Displays status for specific port(s). For a detailed description of possible port-string values, refer to “Port String Syntax Used in the CLI” on page 4-1.
Defaults: If port-string is not specified, status will be displayed for all ports.
Mode: Switch command, read-only.
Example: This example shows how to display the port priority for fe.2.7:
C3(su)->show spantree portpri port fe.2.7
Port fe.2.7 has a Port Priority of 128 on SID 0

set spantree portpri
Use this command to set a port’s Spanning Tree priority.
Syntax: set spantree portpri port-string priority [sid sid]
Parameters:
port-string: Specifies the port(s) for which to set Spanning Tree port priority.
Defaults: If sid is not specified, port priority will be set for Spanning Tree 0.
Mode: Switch command, read-write.
Example: This example shows how to reset the priority of fe.1.3 to 128 on SID 1:
C3(su)->clear spantree portpri fe.1.3 sid 1

show spantree adminpathcost
Use this command to display the admin path cost for a port on one or more Spanning Trees.

set spantree adminpathcost
Use this command to set the administrative path cost on a port and one or more Spanning Trees.
Syntax: set spantree adminpathcost port-string cost [sid sid]
Parameters:
port-string: Specifies the port(s) on which to set an admin path cost. For a detailed description of possible port-string values, refer to “Port String Syntax Used in the CLI” on page 4-1.
cost: Specifies the port path cost. Valid values are 0 - 200000000.
Example: This example shows how to reset the admin path cost to 0 for fe.3.2 on SID 1:
C3(su)->clear spantree adminpathcost fe.3.2 sid 1

show spantree adminedge
Use this command to display the edge port administrative status for a port.
Syntax: show spantree adminedge [port port-string]
Parameters:
port-string: (Optional) Displays edge port administrative status for specific port(s).
Mode: Switch command, read-write.
Usage: The default behavior of the edge port administrative status begins with the value set to false initially after the device is powered up. If a Spanning Tree BPDU is not received on the port within a few seconds, the status setting changes to true.
Example: This example shows how to set fe.1.11 as an edge port:
C3(su)->set spantree adminedge fe.1.

7 802.1Q VLAN Configuration
This chapter describes the SecureStack C3 system’s capabilities to implement 802.1Q virtual LANs (VLANs).

VLAN Configuration Summary
If the SecureStack C3 device is to be configured for multiple VLANs, it may be desirable to configure a management-only VLAN. This allows a station connected to the management VLAN to manage the device. It also makes management secure by preventing configuration via ports assigned to other VLANs. To create a secure management VLAN, you must:
1. Create a new VLAN.
2. Set the PVID for the desired switch port to the VLAN created in Step 1.

Viewing VLANs
Purpose: To display a list of VLANs currently configured on the device, to determine how one or more VLANs were created, the ports allowed and disallowed to transmit traffic belonging to VLAN(s), and if those ports will transmit the traffic with a VLAN tag included.
Commands: The command used to view VLANs is show vlan.

show vlan
Use this command to display all information related to one or more VLANs.
C3(su)->show vlan 1
VLAN: 1 NAME: DEFAULT VLAN VLAN Type: Default
Egress Ports
fe.1.1-10, ge.2.1-4, fe.3.1-7,
Forbidden Egress Ports
None.
Untagged Ports
fe.1.1-10, ge.2.1-4, fe.3.1-7,

Table 7-2 provides an explanation of the command output.
Table 7-2 show vlan Output Details
Output: What It Displays...
VLAN: VLAN ID.
NAME: Name assigned to the VLAN.
Status: Whether it is enabled or disabled.
VLAN Type: Whether it is permanent (static) or dynamic.

Creating and Naming Static VLANs
Purpose: To create a new static VLAN, or to enable or disable existing VLAN(s).
Commands: The commands used to create and name static VLANs are listed below.
set vlan
set vlan name
clear vlan
clear vlan name

set vlan
Use this command to create a new static IEEE 802.1Q VLAN, or to enable or disable an existing VLAN.
Examples: This example shows how to create VLAN 3:
C3(su)->set vlan create 3
This example shows how to disable VLAN 3:
C3(su)->set vlan disable 3

set vlan name
Use this command to set or change the ASCII name for a new or existing VLAN.
Syntax: set vlan name vlan-list vlan-name
Parameters:
vlan-list: Specifies the VLAN ID of the VLAN(s) to be named.
vlan-name: Specifies the string used as the name of the VLAN (1 to 32 characters).
Defaults: None.
Mode: Switch command, read-write.
Example: This example shows how to remove a static VLAN 9 from the device’s VLAN list:
C3(su)->clear vlan 9

clear vlan name
Use this command to remove the name of a VLAN from the VLAN list.
Syntax: clear vlan name vlan-list
Parameters:
vlan-list: Specifies the VLAN ID of the VLAN(s) for which the name will be cleared.
Defaults: None.
Mode: Switch command, read-write.

Assigning Port VLAN IDs (PVIDs) and Ingress Filtering
Purpose: To assign default VLAN IDs to untagged frames on one or more ports, to configure VLAN ingress filtering and constraints, and to set the frame discard mode.
Commands: The commands used to configure port VLAN IDs and ingress filtering are listed below.
fe.2.3 is set to 1
fe.2.4 is set to 1
fe.2.5 is set to 1
fe.2.6 is set to 1

set port vlan
Use this command to configure the PVID (port VLAN identifier) for one or more ports.
Syntax: set port vlan port-string pvid [modify-egress | no-modify-egress]
Parameters:
port-string: Specifies the port(s) for which to configure a VLAN identifier. For a detailed description of possible port-string values, refer to “Port String Syntax Used in the CLI” on page 4-1.

clear port vlan
Use this command to reset a port’s 802.1Q port VLAN ID (PVID) to the host VLAN ID 1.
Syntax: clear port vlan port-string
Parameters:
port-string: Specifies the port(s) to be reset to the host VLAN ID 1. For a detailed description of possible port-string values, refer to “Port String Syntax Used in the CLI” on page 4-1.
Defaults: None.
Mode: Switch command, read-write.
Example: This example shows how to reset ports fe.1.
C3(su)->show port ingress-filter fe.1.10-15
Port     State
-------- ---------
fe.1.10  disabled
fe.1.11  disabled
fe.1.12  disabled
fe.1.13  disabled
fe.1.14  disabled
fe.1.15  disabled

set port ingress filter
Use this command to discard all frames received with a VLAN ID that don’t match the port’s VLAN egress list.
Syntax: set port ingress-filter port-string {disable | enable}
Parameters:
port-string: Specifies the port(s) on which to enable or disable ingress filtering.

show port discard
Use this command to display the frame discard mode for one or more ports. Ports can be set to discard frames based on whether or not the frame contains a VLAN tag. They can also be set to discard both tagged and untagged frames, or neither.
Syntax: show port discard [port-string]
Parameters:
port-string: (Optional) Displays the frame discard mode for specific port(s).

set port discard
Use this command to set the frame discard mode on one or more ports.
Syntax: set port discard port-string {tagged | untagged | both | none}
Parameters:
port-string: Specifies the port(s) for which to set frame discard mode. For a detailed description of possible port-string values, refer to “Port String Syntax Used in the CLI” on page 4-1.
tagged | untagged | both | none:
• Tagged - Discard all incoming (received) tagged packets on the defined port(s).
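
How PVID assignment, the frame discard mode and ingress filtering combine for one received frame, as an added Python model (not Enterasys code). The evaluation order, the `Port` and `admit` names, the model's default discard mode and the VLAN numbers are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional, Set, Tuple

DISCARD_MODES = ("tagged", "untagged", "both", "none")


@dataclass
class Port:
    name: str
    pvid: int = 1                    # set port vlan; clear port vlan resets it to 1
    discard: str = "none"            # set port discard (model default, assumed)
    ingress_filter: bool = False     # set port ingress-filter
    egress_vlans: Set[int] = field(default_factory=lambda: {1})  # set vlan egress

    def __post_init__(self) -> None:
        if self.discard not in DISCARD_MODES:
            raise ValueError(f"unknown discard mode: {self.discard}")
        if not 1 <= self.pvid <= 4094:
            raise ValueError("PVID must be 1 to 4094")


def admit(port: Port, tag: Optional[int]) -> Tuple[bool, Optional[int], str]:
    """Decide what happens to one received frame.

    tag is the 802.1Q VLAN ID carried by the frame, or None if untagged.
    Returns (accepted, vlan, reason).
    """
    tagged = tag is not None
    if tagged and not 1 <= tag <= 4094:
        raise ValueError("VLAN ID must be 1 to 4094")

    # Step 1: frame discard mode looks only at whether a tag is present.
    if port.discard == "both":
        return False, None, "discard mode both"
    if tagged and port.discard == "tagged":
        return False, None, "discard mode tagged"
    if not tagged and port.discard == "untagged":
        return False, None, "discard mode untagged"

    # Step 2: untagged frames are assigned the port's PVID.
    if not tagged:
        return True, port.pvid, "untagged frame assigned to PVID"

    # Step 3: ingress filtering drops frames whose VLAN ID is not on the
    # port's egress list. Applied to tagged frames only, following the
    # wording of the command description (assumption).
    if port.ingress_filter and tag not in port.egress_vlans:
        return False, None, "ingress filter: VLAN not on egress list"
    return True, tag, "tagged frame accepted"


def compare(frames):
    """Run constructed frames through three configurations of one user port."""
    configs = {
        "no filtering": Port("fe.1.10", pvid=10, egress_vlans={10}),
        "ingress filter": Port("fe.1.10", pvid=10, egress_vlans={10},
                               ingress_filter=True),
        "discard tagged": Port("fe.1.10", pvid=10, egress_vlans={10},
                               discard="tagged"),
    }
    return {label: [admit(port, tag)[:2] for tag in frames]
            for label, port in configs.items()}


# Constructed input: an untagged frame, a frame tagged for the port's own
# VLAN 10, and a frame tagged for VLAN 99 (a VLAN the port is not a member of).
SAMPLE_FRAMES = [None, 10, 99]

if __name__ == "__main__":
    for label, outcome in compare(SAMPLE_FRAMES).items():
        print(f"{label:15} {outcome}")
```

With neither control set, the VLAN 99 frame is accepted into VLAN 99 on a port that belongs only to VLAN 10, which is the case ingress filtering closes.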

Configuring the VLAN Egress List
Purpose: To assign or remove ports on the egress list of a particular VLAN. This determines which ports on the switch will be eligible to transmit frames for a particular VLAN. For example, ports 1, 5, 7, 8 could be allowed to transmit frames belonging to VLAN 20 and ports 7, 8, 9, 10 could be allowed to transmit frames tagged with VLAN 30 (a port can belong to multiple VLAN Egress lists).

show port egress
Use this command to display the VLAN membership for one or more ports.
Syntax: show port egress [port-string]
Parameters:
port-string: (Optional) Displays VLAN membership for specific port(s). For a detailed description of possible port-string values, refer to “Port String Syntax Used in the CLI” on page 4-1.
Defaults: If port-string is not specified, VLAN membership will be displayed for all ports.
Mode: Switch command, read-write.
Mode: Switch command, read-write.
Example: This example shows you how to set fe.1.3 to forbidden for VLAN 6:
C3(su)->set vlan forbidden 6 fe.1.3

set vlan egress
Use this command to add ports to the VLAN egress list for the device, or to prevent one or more ports from participating in a VLAN. This determines which ports will transmit frames for a particular VLAN.
This example shows how to allow Fast Ethernet port 2 in unit 1 to transmit VLAN 7 frames as untagged:
C3(su)->set vlan egress 7 fe.1.2 untagged

clear vlan egress
Use this command to remove ports from a VLAN’s egress list.
Syntax: clear vlan egress vlan-list port-string [forbidden]
Parameters:
vlan-list: Specifies the number of the VLAN from which a port(s) will be removed from the egress list.

show vlan dynamicegress
Use this command to display the status of dynamic egress (enabled or disabled) for one or more VLANs.
Syntax: show vlan dynamicegress [vlan-list]
Parameters:
vlan-list: (Optional) Displays dynamic egress status for specific VLAN(s).
Defaults: If vlan-list is not specified, the dynamic egress status for all VLANs will be displayed.
Mode: Switch command, read-write.

set vlan dynamicegress
Use this command to administratively set the dynamic egress status for one or more VLANs.
Syntax: set vlan dynamicegress vlan-list {enable | disable}
Parameters:
vlan-list: Specify the VLANs by ID to enable or disable dynamic egress.
enable | disable: Enables or disables dynamic egress.
Defaults: None.
Mode: Switch command, read-write.

Setting the Host VLAN
Purpose: To configure a host VLAN that only select devices are allowed to access. This secures the host port for management-only tasks.
Note: The host port is the management entity of the device. Refer to “Creating a Secure Management VLAN” on page 7-1 for more information.
Commands: The commands needed to configure host VLANs are listed below.

set host vlan
Use this command to assign host status to a VLAN.
Syntax: set host vlan vlan-id
Parameters:
vlan-id: Specifies the number of the VLAN to set as the host VLAN.
Defaults: None.
Mode: Switch command, read-write.
Usage: The host VLAN should be a secure VLAN where only designated users are allowed access. For example, a host VLAN could be specifically created for device management.

clear host vlan
Use this command to reset the host VLAN to the default setting of 1.
Syntax: clear host vlan
Parameters: None.
Defaults: None.
Mode: Switch command, read-write.
Example: This example shows how to set the host VLAN to the default setting:
C3(su)->clear host vlan

Enabling/Disabling GVRP (GARP VLAN Registration Protocol)
About GARP VLAN Registration Protocol (GVRP)
The following sections describe the device operation when its ports are operating under the Generic Attribute Registration Protocol (GARP) application – GARP VLAN Registration Protocol (GVRP).
Overview
The purpose of GVRP is to dynamically create VLANs across a switched network.
[Figure 7-1: Example of VLAN Propagation via GVRP, showing Switch 1 through Switch 5 and End Station A. Legend: R = Port registered as a member of VLAN Blue; D = Port declaring VLAN Blue]
Purpose: To dynamically create VLANs across a switched network.

show gvrp
Use this command to display GVRP configuration information.
Syntax: show gvrp [port-string]
Parameters:
port-string: (Optional) Displays GVRP configuration information for specific port(s). For a detailed description of possible port-string values, refer to “Port String Syntax Used in the CLI” on page 4-1.
Defaults: If port-string is not specified, GVRP configuration information will be displayed for all ports and the device.
Mode: Switch command, read-only.
Example: This example shows how to display GARP timer information on Fast Ethernet ports 1 through 10 in unit 1:
Note: For a functional description of the terms join, leave, and leaveall timers, refer to the standard IEEE 802.1Q documentation, which is not supplied with this device.
C3(su)->show garp timer fe.1.1-10
Port based GARP Configuration: (Timer units are centiseconds)
Port Number Join       Leave      Leaveall
----------- ---------- ---------- ----------
fe.1.1      20         60         1000
fe.1.2      20         60         1000
fe.1.

set gvrp
Use this command to enable or disable GVRP globally on the device or on one or more ports.
Syntax: set gvrp {enable | disable} [port-string]
Parameters:
disable | enable: Disables or enables GVRP on the device.
port-string: (Optional) Disables or enables GVRP on specific port(s). For a detailed description of possible port-string values, refer to “Port String Syntax Used in the CLI” on page 4-1.
Defaults: If port-string is not specified, GVRP will be disabled or enabled for all ports.
Example: This example shows how to clear GVRP status globally on the device:
C3(su)->clear gvrp

set garp timer
Use this command to adjust the values of the join, leave, and leaveall timers.
Syntax: set garp timer {[join timer-value] [leave timer-value] [leaveall timer-value]} port-string
Parameters:
join timer-value: Sets the GARP join timer in centiseconds (Refer to 802.1Q standard.)
leave timer-value: Sets the GARP leave timer in centiseconds (Refer to 802.1Q standard.

8 Policy Classification Configuration
This chapter describes the Policy Classification set of commands and how to use them.

Configuring Policy Profiles
Purpose: To review, create, change and remove user profiles that relate to business-driven policies for managing network resources.
Commands: The commands used to review and configure policy profiles are listed below.
show policy profile
set policy profile
clear policy profile

show policy profile
Use this command to display policy profile information.
show policy profile Untagged Vlans Replace TCI Status Rule Precedence Admin Profile Usage Oper Profile Usage Dynamic Profile Usage : none : Disable : 1-31 :MACSource(1),MACDest(2),Unknown(3), :Unknown(4),Unknown(5),Unknown(6), :Unknown(7),Unknown(8),Unknown(9), :Unknown(10),Unknown(11),IPSource(12), :IPDest(13),IPFrag(14),UDPSrcPort(15), :UDPDestPort(16),TCPSrcPort(17),TCPDestPort(18), :ICMPType(19),Unknown(20),IPTOS(21), :IPProto(22),Unknown(23),Unknown(24), :Ether(25),Unknown(26),VLANTag(27), :Unknown(

set policy profile
Use this command to create a policy profile entry.
Syntax: set policy profile profile-index [name name] [pvid-status {enable | disable}] [pvid pvid] [cos-status {enable | disable}] [cos cos] [egress-vlans egress-vlans] [forbidden-vlans forbidden-vlans] [untagged-vlans untagged-vlans] [append] [clear] [tci-overwrite {enable | disable}] [precedence precedence-list]
Parameters:
profile-index: Specifies an index number for the policy profile. Valid values are 1 - 255.
Defaults: If optional parameters are not specified, none will be applied.
Mode: Switch command, read-write.
Example: This example shows how to create a policy profile 1 named “netadmin” with PVID override enabled for PVID 10, and Class-of-Service override enabled for CoS 5.

Configuring Classification Rules
Purpose: To review, create, assign, and unassign classification rules to policy profiles. This maps user profiles to protocol-based frame filtering policies.
Commands: The commands used to review, assign and unassign classification rules to user profiles and ports are listed below.
show policy rule
data    Displays rules for a predefined classifier. This value is dependent on the classification type entered. Refer to Table 8-3 for valid values for each classification type.
mask mask    (Optional) Displays rules for a specific data mask. Refer to Table 8-3 for valid values for each classification type and data value.
port-string port-string    (Optional) Displays rules related to a specific ingress port.
Table 8-2 show policy rule Output Details
Output | What It Displays...
PID | Profile index number. Assigned to this classification rule with the set policy profile command (“set policy profile” on page 8-4).
Rule Type | Type of classification rule. Refer to Table 8-3 for valid types.
Rule Data | Rule data value. Refer to Table 8-3 for valid values for each classification type.
Mk | Rule data mask. Refer to Table 8-3 for valid values for each classification data value.
show policy capability
Use this command to display detailed policy classification capabilities supported by your SecureStack C3 device.
Syntax
show policy capability
Parameters
None.
Defaults
None.
Mode
Switch command, read-only.
Usage
Use this command to display detailed policy classification capabilities supported by your SecureStack C3 device.
show policy capability
|IPX destination socket | | | | | | | | | |
|IPX transmission control | | | | | | | | | |
|IPX type field | | | | | | | | | |
|IPv6 source address | | | | | | | | | |
|IPv6 destination address | | | | | | | | | |
|IPv6 flow label | | | | | | | | | |
|IP source address | X | X | | X | X | X | | | |
|IP destination address | X | X | | X | X | X | | | |
|IP fragmentation | | | | | | | | | |
|UDP port source | X | X | | X | X | X | | | |
|UDP port destination | X | X | | X | X | X | | |
set policy rule
Use this command to assign incoming untagged frames to a specific policy profile and to VLAN or Class-of-Service classification rules.
Syntax
This command has two forms of syntax: one to create an admin rule (for policy ID 0), and the other to create a classification rule and attach it to a policy profile.
set policy rule
tcpsourceport    Classifies based on TCP source port.
udpdestport    Classifies based on UDP destination port.
udpsourceport    Classifies based on UDP source port.
data    Specifies the code for a predefined classifier. This value is dependent on the classification type entered. Refer to Table 8-3 for valid values for each classification type.
mask mask    (Optional) Specifies the number of significant bits to match, dependent on the data value entered.
Examples
This example shows how to use Table 8-3 to assign a rule to policy profile 5 that will forward UDP frames from source port 45:
C3(su)->set policy rule 5 udpportsource 45 forward
This example shows how to use Table 8-3 to assign a rule to policy profile 1 that will drop IP source traffic from IP address 1.2.3.4. If mask 32 is not specified as shown, a default mask of 48 bits (IP address + port) would be applied:
C3(su)->set policy rule 1 ipsourcesocket 1.2.3.
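The difference between mask 32 and the default 48-bit mask in the ipsourcesocket example above can be modelled as a prefix match over the address followed by the port. This is an added illustration, not code from the guide or the switch firmware; treating the rule's port bits as 0 when only an address is given is an assumption, and the traffic is constructed.

```python
import ipaddress

SOCKET_BITS = 48  # 32-bit IPv4 address followed by a 16-bit port


def socket_key(ip, port):
    """Pack an IPv4 address and port into the 48-bit value the mask applies to."""
    if not 0 <= port <= 0xFFFF:
        raise ValueError(f"port out of range: {port}")
    return (int(ipaddress.IPv4Address(ip)) << 16) | port


def rule_matches(rule_ip, rule_port, mask_bits, pkt_ip, pkt_port):
    """True when the first mask_bits significant bits of rule and packet agree."""
    if not 1 <= mask_bits <= SOCKET_BITS:
        raise ValueError(f"mask must be 1..{SOCKET_BITS}, got {mask_bits}")
    shift = SOCKET_BITS - mask_bits
    return (socket_key(rule_ip, rule_port) >> shift
            == socket_key(pkt_ip, pkt_port) >> shift)


def matched(rule, packets):
    """Return the (ip, port) pairs that a rule (ip, port, mask_bits) covers."""
    ip, port, mask_bits = rule
    return [p for p in packets if rule_matches(ip, port, mask_bits, *p)]


# Constructed source sockets, not captured traffic.
PACKETS = [
    ("1.2.3.4", 1024),
    ("1.2.3.4", 53124),
    ("1.2.3.4", 0),
    ("1.2.3.5", 1024),
]

# Rule data 1.2.3.4 with mask 32: only the address bits are significant.
HOST_RULE = ("1.2.3.4", 0, 32)
# Same rule data with the 48-bit default: the port bits are compared too.
# Assumption: port bits are 0 when the rule data names only an address.
SOCKET_RULE = ("1.2.3.4", 0, 48)
# A shorter mask widens the match to the whole 1.2.3.0/24 range.
SUBNET_RULE = ("1.2.3.0", 0, 24)

if __name__ == "__main__":
    for name, rule in (("mask 32", HOST_RULE),
                       ("mask 48", SOCKET_RULE),
                       ("mask 24", SUBNET_RULE)):
        print(name, "->", matched(rule, PACKETS))
```

Under this model a drop rule left at the 48-bit default covers a single source socket, so the mask belongs in any review of drop rules that are meant to cover a whole host.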
udpsourceport    Deletes associated UDP source port classification rule.
Defaults
When applicable, data and mask must be specified for individual rules to be cleared.
Mode
Switch command, read-write.
Example
This example shows how to remove a rule from policy profile 5 that will forward UDP frames from source port 45:
C3(su)->clear policy rule 5 udpportsource 45 forward

clear policy all-rules
Use this command to remove all policy classification rules.
Assigning Ports to Policy Profiles
Purpose
To assign and unassign ports to policy profiles.
Commands
The commands used to assign ports to policy profiles are listed below.
• set policy port
• clear policy port

set policy port
Use this command to assign ports to a policy profile.
Syntax
set policy port port-string profile-index
Parameters
port-string    Specifies the port(s) to add to the policy profile.
clear policy port
Use this command to remove a policy profile from one or more ports.
Syntax
clear policy port port-string profile-index
Parameters
port-string    Specifies the port(s) from which to remove the policy profile. For a detailed description of possible port-string values, refer to “Port String Syntax Used in the CLI” on page 4-1.
profile-index    Specifies the ID of the policy profile (role) to which the port(s) will be added.
Configuring Policy Class of Service (CoS)
Using Port-Based or Policy-Based CoS Settings
Note: It is recommended that you use Enterasys Networks NetSight Policy Manager as an alternative to CLI for configuring policy-based CoS on the switches.
The SecureStack C3 supports Class of Service (CoS), which allows you to assign mission-critical data to a higher priority through the device by delaying less critical traffic during periods of congestion.
set cos state
Use this command to enable or disable Class of Service.
Syntax
set cos state {enable | disable}
Parameters
enable | disable    Enables or disables Class of Service on the switch. Default state is disabled.
Defaults
None.
Mode
Switch command, read-write.
Usage
The CoS state is a global setting which is set to disabled by default.
clear cos state
Use this command to set CoS state back to its default setting of disabled.
Syntax
clear cos state
Parameters
None.
Defaults
None.
Mode
Switch command, read-write.
Example
This example shows how to clear the CoS state back to its default setting of disabled:
C3(su)->clear cos state

set cos settings
Use this command to configure a Class of Service entry in the CoS settings table.
• CoS Index
Indexes are unique identifiers for each CoS setting. CoS indexes 0 through 7 are created by default and mapped directly to 802.1p priority for backwards compatibility. These entries cannot be removed, and 802.1p priority values cannot be changed. When CoS is enabled, indexes are assigned. Up to 256 CoS indexes or entries can be configured.
• Priority
802.1p priority can be applied per CoS index. For each new CoS index created, the user has the option to assign an 802.
show cos settings
Use this command to display Class of Service parameters.
Syntax
show cos settings [cos-list]
Parameters
cos-list    (Optional) Specifies a Class of Service entry to display.
Defaults
If not specified, all CoS entries will be displayed.
Mode
Switch command, read-only.
clear cos all-entries
Example
This example shows how to clear the CoS configuration for all entries except entries 0-7:
C3(su)->clear cos all-entries
9 Port Priority Configuration
This chapter describes the Port Priority set of commands and how to use them.
For information about... Refer to page...
Configuring Port Priority
Purpose
To view or configure port priority characteristics as follows:
• Display or change the port default Class-of-Service (CoS) transmit priority (0 through 7) of each port for frames that are received (ingress) without priority information in their tag header.
• Display the current traffic class mapping-to-priority of each port.
• Set each port to transmit frames according to 802.1D (802.1p) priority set in the frame header.
set port priority
Use this command to set the 802.1D (802.1p) Class-of-Service transmit priority (0 through 7) on each port. A port receiving a frame without priority information in its tag header is assigned a priority according to the priority setting on the port. For example, if the priority of a port is set to 5, the frames received through that port without a priority indicated in their tag header are classified as a priority 5.
clear port priority
Use this command to reset the current CoS port priority setting to 0. This will cause all frames received without a priority value in its header to be set to priority 0.
Syntax
clear port priority port-string
Parameters
port-string    Specifies the port for which to clear priority. For a detailed description of possible port-string values, refer to “Port String Syntax Used in the CLI” on page 4-1.
Defaults
None.
Mode
Switch command, read-write.
Configuring Priority to Transmit Queue Mapping
Purpose
To perform the following:
• View the current priority to transmit queue mapping of each physical port.
Example
This example shows how to display priority queue information for ge.1.1. In this case, frames with a priority of 0 are associated with transmit queue 1; frames with 1 or 2 priority, are associated with transmit queue 0; and so forth:
C3(su)->show port priority-queue ge.1.1
Port      P0 P1 P2 P3 P4 P5 P6 P7
--------- -- -- -- -- -- -- -- --
ge.1.1    1  0  0  2  3  4  5  5

set port priority-queue
Use this command to map 802.1D (802.1p) priorities to transmit queues.
Example
This example shows how to set priority 5 frames received on ge.2.12 to transmit on queue 0.
C3(su)->set port priority-queue ge.2.12 5 0

clear port priority-queue
Use this command to reset port priority queue settings back to defaults for one or more ports.
Syntax
clear port priority-queue port-string
Parameters
port-string    Specifies the port for which to clear priority-to-queue mappings.
Configuring Quality of Service (QoS)
Purpose
Eight transmit queues are implemented in the switch hardware for each port, but only six are available for use in prioritizing various data and control traffic. The seventh and eighth queues are reserved for stacking and network control related communications.
Example
This example shows how to display the current algorithm and transmit queue weights configured on ports ge.1.10 through 24:
C3(su)->show port txq ge.1.10-24
Port    Alg Q0  Q1  Q2  Q3  Q4  Q5
------- --- --- --- --- --- --- ---
ge.1.10 WRR 2   10  15  20  24  29
ge.1.11 WRR 2   10  15  20  24  29
ge.1.12 WRR 2   10  15  20  24  29
ge.1.13 WRR 2   10  15  20  24  29
ge.1.14 WRR 2   10  15  20  24  29
ge.1.15 WRR 2   10  15  20  24  29
ge.1.16 WRR 2   10  15  20  24  29
ge.1.17 WRR 2   10  15  20  24  29
ge.1.18 WRR 2   10  15  20  24  29
ge.1.
Queues can be set for strict priority (SP) or weighted round-robin (WRR). If set for WRR mode, weights may be assigned to those queues with this command. Weights are specified in the range of 0 to 100 percent. Weights specified for queues 0 through 5 on any port must total 100 percent. Queues 0 through 5 can be changed to strict priority by configuring queues 0 through 4 at 0 percent and queue 5 at 100 percent.
clear port txq
Example
This example shows how to clear transmit queue values on ge.1.1:
C3(su)->clear port txq ge.1.1
C3(su)->show port txq ge.1.1
Port    Alg Q0  Q1  Q2  Q3  Q4  Q5  Q6  Q7
------- --- --- --- --- --- --- --- --- ---
ge.1.
10 IGMP Configuration
This chapter describes the IGMP Configuration set of commands and how to use them.
• IGMP Overview
• Configuring IGMP at Layer 2
• Configuring IGMP on Routing Interfaces

IGMP Overview
About IP Multicast Group Management
The Internet Group Management Protocol (IGMP) runs between hosts and their immediately neighboring multicast device.
Configuring IGMP at Layer 2 About Multicasting Multicasting is used to support real‐time applications such as video conferences or streaming audio. A multicast server does not have to establish a separate connection with each client. It merely broadcasts its service to the network, and any hosts that want to receive the multicast register with their local multicast switch/router.
show igmpsnooping
Use this command to display IGMP snooping information.
Syntax
show igmpsnooping
Parameters
None.
Defaults
None.
Mode
Switch command, read-only.
Usage
Configured information is displayed whether or not IGMP snooping is enabled. Status information is displayed only when the function is enabled. For information on enabling IGMP on the system, refer to “set igmpsnooping adminmode” on page 10-3.
Mode
Switch command, read-write.
Usage
In order for IGMP snooping to be enabled on one or all ports, it must be globally enabled on the device with this command, and then enabled on a port(s) using the set igmpsnooping interface mode command as described in “set igmpsnooping interfacemode” on page 10-4.
set igmpsnooping groupmembershipinterval
Use this command to configure the IGMP group membership interval time for the system.
Syntax
set igmpsnooping groupmembershipinterval time
Parameters
time    Specifies the IGMP group membership interval. Valid values are 2 - 3600 seconds. This value works together with the set igmpsnooping maxresponsetime command to remove ports from an IGMP group and must be greater than the max response time value.
Defaults
None.
Mode
Switch command, read-write.
Usage
This value must be less than the IGMP maximum response time described in “set igmpsnooping groupmembershipinterval” on page 10-5.
Example
This example shows how to set the IGMP maximum response time to 100 seconds:
C3(su)->set igmpsnooping maxresponse 100

set igmpsnooping mcrtrexpiretime
Use this command to configure the IGMP multicast router expiration time for the system.
set igmpsnooping add-static
This command creates a new static IGMP entry or adds one or more new ports to an existing entry.
Syntax
set igmpsnooping add-static group vlan-list [modify] [port-string]
Parameters
group    Specifies the multicast group IP address for the entry.
vlan-list    Specifies the VLANs on which to configure the entry.
modify    (Optional) Adds the specified port or ports to an existing entry.
Mode
Switch command, read-write.
Example
This example removes port ge.1.1 from the entry for the multicast group with IP address of 233.11.22.33 configured on VLAN 20.
C3(su)->set igmpsnooping remove-static 233.11.22.33 20 ge.1.1

show igmpsnooping static
This command displays static IGMP ports for one or more VLANs or IGMP groups.
Syntax
show igmpsnooping static vlan-list [group group]
Parameters
vlan-list    Specifies the VLAN for which to display static IGMP ports.
show igmpsnooping mfdb
Use this command to display multicast forwarding database (MFDB) information.
Syntax
show igmpsnooping mfdb [stats]
Parameters
stats    (Optional) Displays MFDB statistics.
Defaults
If stats is not specified, all MFDB table entries will be displayed.
Mode
Switch command, read-only.
clear igmpsnooping
Use this command to clear all IGMP snooping entries.
Syntax
clear igmpsnooping
Parameters
None.
Defaults
None.
Mode
Switch command, read-write.
Example
This example shows how to clear all IGMP snooping entries:
C3(su)->clear igmpsnooping
Are you sure you want to clear all IGMP snooping entries? (y/n)y
IGMP Snooping Entries Cleared.
Configuring IGMP on Routing Interfaces
Router: The commands covered in this section can be executed only when the device is in router mode. For details on how to enable router configuration modes, refer to “Enabling Router Configuration Modes” on page 14-3.
Purpose
To configure IGMP on routing interfaces.
Commands
For information about... Refer to page...
ip igmp
Use this command to enable IGMP on the router. The no form of this command disables IGMP on the router.
Syntax
ip igmp
no ip igmp
Parameters
None.
Defaults
None.
Mode
Global configuration: C3(su)->router(Config)#
Example
This example shows how to enable IGMP on the router:
C3(su)->router(Config)#ip igmp

ip igmp enable
Use this command to enable IGMP on an interface. The no form of this command disables IGMP on an interface.
Syntax
ip igmp enable
no ip igmp enable
Parameters
None.
ip igmp version
Use this command to set the version of IGMP running on the router. The no form of this command resets IGMP to the default version of 2 (IGMPv2).
Syntax
ip igmp version version
no ip igmp
Parameters
version    Specifies the IGMP version number to run on the router. Valid values are 1, 2, or 3.
Defaults
None.
Multicast TTL currently defaults to 1
IGMP Version is 2
Query Interval is 125 (secs)
Query Max Response Time is 100 (1/10 of a second)
Robustness is 2
Startup Query Interval is 31 (secs)
Startup Query Count is 2
Last Member Query Interval is 10 (1/10 of a second)
Last Member Query Count is 2

show ip igmp groups
Use this command to display a list of IGMP streams and client connection ports.
Syntax
show ip igmp groups
Parameters
None.
Defaults
None.
Mode
Any router mode.
ip igmp query-interval
Use this command to set the IGMP query interval on a routing interface. The no form of this command resets the IGMP query interval to the default value of 125 seconds.
Syntax
ip igmp query-interval time
no ip igmp query-interval
Parameters
time    Specifies the IGMP query interval. Valid values are from 1 to 3600 seconds. Default is 125 seconds.
Defaults
None.
Example
This example shows how to set the IGMP query maximum response time interval to 200 (2 tenths of a second) on VLAN 1:
C3(su)->router(Config)#interface vlan 1
C3(su)->router(Config-if(Vlan 1))#ip igmp query-max-response-time 200

ip igmp startup-query-interval
Use this command to set the interval between general IGMP queries sent on startup. The no form of this command resets the IGMP startup query interval to the default value of 31 seconds.
Mode
Interface configuration: C3(su)->router(Config-if(Vlan 1))#
Example
This example shows how to set the IGMP startup query count to 10 on VLAN 1:
C3(su)->router(Config)#interface vlan 1
C3(su)->router(Config-if(Vlan 1))#ip igmp startup-query-count 10

ip igmp last-member-query-interval
Use this command to set the maximum response time being inserted into group-specific queries sent in response to leave group messages.
ip igmp last-member-query-count
Use this command to set the number of group-specific queries sent before assuming there are no local members. The no form of this command resets the IGMP last member query count to the default value of 2.
Syntax
ip igmp last-member-query-count count
no ip igmp last-member-query-count
Parameters
count    Specifies the number of IGMP startup queries. Valid values are from 1 to 20. The default value is 2.
Defaults
None.
ip igmp robustness Usage This value determines how many times IGMP messages will be sent. A higher number will mean that end stations will be more likely to see the packet. After the robustness value is reached, IGMP will assume there is no response to queries.
11 Logging and Network Management
This chapter describes switch-related logging and network management commands and how to use them.
Note: The commands in this chapter pertain to network management of the SecureStack C3 device from the switch CLI only. For information on router-related network management tasks, including reviewing router ARP tables and IP traffic, refer to Chapter 15.
For information about... Refer to page...
• set logging application
• clear logging application
• show logging local
• set logging local
• clear logging local
• show logging buffer

show logging server
Use this command to display the Syslog configuration for a particular server.
Syntax
show logging server [index]
Parameters
index    (Optional) Displays Syslog information pertaining to a specific server table entry. Valid values are 1-8.
Table 11-1 show logging server Output Details (Continued)
Output | What It Displays...
Port | UDP port the client uses to send to the server.
Status | Whether or not this Syslog configuration is currently enabled or disabled.

set logging server
Use this command to configure a Syslog server.
Mode
Switch command, read-write.
Example
This command shows how to enable a Syslog server configuration for index 1, IP address 134.141.89.113, facility local4, severity level 3 on port 514:
C3(su)->set logging server 1 ip-addr 134.141.89.113 facility local4 severity 3 port 514 state enable

clear logging server
Use this command to remove a server from the Syslog server table.
Example
This command shows how to display the Syslog server default values. For an explanation of the command output, refer back to Table 11-1 on page 11-2.
C3(su)->show logging default
Defaults:  Facility  Severity    Port
-----------------------------------------
           local4    warning(5)  514

set logging default
Use this command to set logging default values.
clear logging default
Use this command to reset logging default values.
Syntax
clear logging default {[facility] [severity] [port]}
Parameters
facility    (Optional) Resets the default facility name to local4.
severity    (Optional) Resets the default logging severity level to 6 (notifications of significant conditions).
port    (Optional) Resets the default UDP port the client uses to send to the server to 514.
Defaults
At least one optional parameter must be entered.
show logging application
Use this command to display the severity level of Syslog messages for one or all applications configured for logging on your system.
Syntax
show logging application [mnemonic | all]
Parameters
mnemonic    (Optional) Displays severity level for one application configured for logging. Mnemonics will vary depending on the number and types of applications running on your system.
set logging application
Use this command to set the severity level of log messages for one or all applications.
Syntax
set logging application {[mnemonic | all]} [level level]
Parameters
mnemonic    Specifies a case sensitive mnemonic abbreviation of an application to be logged. This parameter will vary depending on the number and types of applications running on your system.
Mode
Switch command, read-write.
Example
This example shows how to set the severity level for SNMP to 4 so that error conditions will be logged for that application.
C3(rw)->set logging application SNMP level 4

clear logging application
Use this command to reset the logging severity level for one or all applications to the default value of 6 (notifications of significant conditions).
Mode
Switch command, read-only.
Example
This example shows how to display the state of message logging. In this case, logging to the console is enabled and logging to a persistent file is disabled.
C3(su)->show logging local
Syslog Console Logging enabled
Syslog File Logging disabled

set logging local
Use this command to configure log messages to the console and a persistent file.
Example
This example shows how to clear local logging:
C3(su)->clear logging local

show logging buffer
Use this command to display the last 256 messages logged.
Syntax
show logging buffer
Parameters
None.
Defaults
None.
Mode
Switch command, read-only.
Example
This example shows a portion of the information displayed with the show logging buffer command:
C3(su)->show logging buffer
<165>Sep 4 07:43:09 10.42.71.13 CLI[5]User:rw logged in from 10.2.1.
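Lines in the show logging buffer format above begin with a Syslog priority value such as <165>, which encodes facility and severity together. The following added example (not code from the guide) decodes that value and pulls CLI login events out of buffer lines. The sample lines are constructed on the pattern of the one visible above, and the switch level is assumed to be the RFC 3164 severity code plus one, inferred from the values this chapter gives (warning(5), 6 for notifications, 4 for error conditions).

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# RFC 3164 facility and severity names, indexed by numeric code.
FACILITIES = (
    ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
     "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock"]
    + [f"local{n}" for n in range(8)]
)
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# <PRI>Mmm d hh:mm:ss host APP[n]message, as in the buffer line shown above.
# The bracketed number is matched but not interpreted; the page does not define it.
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+"
    r"(?P<host>\S+)\s+"
    r"(?P<app>[A-Za-z0-9_-]+)\[\d+\]"
    r"(?P<msg>.*)$"
)
LOGIN_RE = re.compile(r"User:(?P<user>\S+) logged in from (?P<src>\S+)")


class Entry(NamedTuple):
    facility: str
    severity: str
    level: int        # switch severity level (assumed: RFC code + 1)
    timestamp: str
    host: str
    app: str
    message: str


def decode_pri(pri: int) -> Tuple[str, str, int]:
    """Split a Syslog PRI into (facility name, severity name, switch level)."""
    if not 0 <= pri <= 191:
        raise ValueError(f"PRI out of range: {pri}")
    facility, code = divmod(pri, 8)
    return FACILITIES[facility], SEVERITIES[code], code + 1


def parse_line(line: str) -> Optional[Entry]:
    """Parse one buffer line; return None for anything that does not fit."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    try:
        facility, severity, level = decode_pri(int(m.group("pri")))
    except ValueError:
        return None
    return Entry(facility, severity, level, m.group("ts"),
                 m.group("host"), m.group("app"), m.group("msg"))


def parse_buffer(lines: List[str]) -> List[Entry]:
    """Parse many lines, skipping the ones that are not log entries."""
    return [e for e in map(parse_line, lines) if e is not None]


def logins(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (user, source address) for every CLI login message."""
    found = []
    for e in entries:
        m = LOGIN_RE.search(e.message)
        if e.app == "CLI" and m:
            found.append((m.group("user"), m.group("src")))
    return found


def at_or_above(entries: List[Entry], level: int) -> List[Entry]:
    """Entries at least as severe as level (a lower number is more severe)."""
    return [e for e in entries if e.level <= level]


# Constructed sample lines (documentation address ranges), not switch output.
SAMPLE = [
    "<165>Sep  4 07:43:09 192.0.2.13 CLI[5]User:rw logged in from 198.51.100.20 (telnet)",
    "<164>Sep  4 07:44:51 192.0.2.13 SNMP[3]constructed warning message",
    "<163>Sep  4 07:45:02 192.0.2.13 CLI[5]constructed error message",
    "<165>Sep  4 07:50:30 192.0.2.13 CLI[5]User:admin logged in from 203.0.113.7 (telnet)",
    "not a syslog line",
]

if __name__ == "__main__":
    entries = parse_buffer(SAMPLE)
    print(decode_pri(165))
    print(logins(entries))
    print([(e.app, e.level) for e in at_or_above(entries, 5)])
```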
Monitoring Network Events and Status
Purpose
To display switch events and command history, to set the size of the history buffer, and to display and disconnect current user sessions.
Commands
Commands to monitor switch network events and status are listed below.
For information about... Refer to page...
show history
Use this command to display the size (in lines) of the history buffer.
Syntax
show history
Parameters
None.
Defaults
None.
Mode
Switch command, read-only.
Example
This example shows how to display the size of the history buffer:
C3(su)->show history
History buffer size: 20

set history
Use this command to set the size of the history buffer.
Syntax
set history size [default]
Parameters
size    Specifies the size of the history buffer in lines. Valid values are 1 to 100.
ping
Use this command to send ICMP echo-request packets to another node on the network from the switch CLI.
Syntax
ping host
Parameters
host    Specifies the IP address of the device to which the ping will be sent.
Defaults
None.
Mode
Switch command, read-write.
Examples
This example shows how to ping IP address 134.141.89.29. In this case, this host is alive:
C3(su)->ping 134.141.89.29
134.141.89.29 is alive
In this example, the host at IP address is not responding:
C3(su)->ping 134.141.89.
show users
Use this command to display information about the active console port or Telnet session(s) logged in to the switch.
Syntax
show users
Parameters
None.
Defaults
None.
Mode
Switch command, read-only.
Example
This example shows how to use the show users command. In this output, there are two Telnet users logged in with Read-Write access privileges from IP addresses 134.141.192.119 and 134.141.192.
disconnect
Examples
This example shows how to close a Telnet session to host 134.141.192.119:
C3(su)->disconnect 134.141.192.
Managing Switch Network Addresses and Routes
Purpose
To display or delete switch ARP table entries, and to display MAC address information.
Commands
Commands to manage switch network addresses and routes are listed below.
For information about... Refer to page...
Example
This example shows how to display the ARP table:
C3(su)->show arp
LINK LEVEL ARP TABLE
IP Address        Phys Address       Flags   Interface
-----------------------------------------------------
10.20.1.1         00-00-5e-00-01-1   S       host
134.142.21.194    00-00-5e-00-01-1   S       host
134.142.191.192   00-00-5e-00-01-1   S       host
134.142.192.18    00-00-5e-00-01-1   S       host
134.142.192.119   00-00-5e-00-01-1   S       host
-----------------------------------------------------
Table 11-4 provides an explanation of the command output.
clear arp
Use this command to delete a specific entry or all entries from the switch’s ARP table.
Syntax
clear arp {ip-address | all}
Parameters
ip-address | all    Specifies the IP address in the ARP table to be cleared, or clears all ARP entries.
Defaults
None.
Mode
Switch command, read-write.
Example
This example shows how to delete entry 10.1.10.10 from the ARP table:
C3(su)->clear arp 10.1.10.
Defaults
If not specified, waittime will be set to 5 seconds.
If not specified, first-ttl will be set to 1 second.
If not specified, max-ttl will be set to 30 seconds.
If not specified, port will be set to 33434.
If not specified, nqueries will be set to 3.
If -r is not specified, normal host routing tables will be used.
If -d is not specified, the debug socket option will not be used.
If -v is not specified, summary output will be displayed.
Mode
Switch command, read-only.
show mac
Examples
This example shows how to display MAC address information for ge.3.1:
C3(su)->show mac port ge.3.1
MAC Address       FID  Port          Type
----------------- ---- ------------- --------
00-09-6B-0F-13-E6 15   ge.3.1        Learned

MAC Address       VLAN Port          Type    Status  Egress Ports
----------------- ---- ------------- ------- ------- ---------------------------
01-01-23-34-45-56 20   any           mcast   perm    ge.3.1
Table 11-5 provides an explanation of the command output.
show mac agetime
Use this command to display the timeout period for aging learned MAC entries.
Syntax
show mac agetime
Parameters
None.
Defaults
None.
Mode
Switch command, read-only.
Example
This example shows how to display the MAC timeout period:
C3(su)->show mac agetime
Aging time: 300 seconds

set mac agetime
Use this command to set the timeout period for aging learned MAC entries.
clear mac agetime
Use this command to reset the timeout period for aging learned MAC entries to the default value of 300 seconds.
Syntax
clear mac agetime
Parameters
None.
Defaults
None.
Mode
Switch command, read-only.
Example
This example shows how to reset the MAC timeout period to the default value of 300 seconds.
Example
This example sets the hashing algorithm to mac-crc32-upperbits.
C3(rw)->set mac algorithm mac-crc32-upperbits

show mac algorithm
This command displays the currently selected MAC algorithm mode.
Syntax
show mac algorithm
Parameters
None.
Defaults
None.
Mode
Switch command, read-only.
Example
This example shows the output of this command.
C3(su)->show mac algorithm
Mac hashing algorithm is mac-crc16-upperbits.
set mac multicast
Use this command to define what ports within a VLAN a multicast address can be dynamically learned on or on what ports a frame with the specified MAC address can be flooded. Also, use this command to append ports to or clear ports from the egress ports list.
Syntax
set mac multicast mac-address vlan-id [port-string] [{append | clear} port-string]
Parameters
mac-address    Specify the multicast MAC address.
clear mac address
Example
This example clears multicast MAC address 01-01-22-33-44-55 from VLAN 24.
Configuring Simple Network Time Protocol (SNTP)
Purpose
To configure the Simple Network Time Protocol (SNTP), which synchronizes device clocks in a network.
Commands
For information about... Refer to page...
show sntp
Timezone: 'EST', offset from UTC is -4 hours and 0 minutes
Client Mode: unicast
Broadcast Count: 0
Poll Interval: 512 seconds
Poll Retry: 1
Poll Timeout: 5 seconds
SNTP Poll Requests: 1175
Last SNTP Update: TUE SEP 09 16:05:24 2003
Last SNTP Request: TUE SEP 09 16:05:24 2003
Last SNTP Status: Success

SNTP-Server     Precedence   Status
-------------------------------------------
10.2.8.6        2            Active
144.111.29.19   1            Active
Table 11-6 provides an explanation of the command output.
set sntp client
Use this command to set the SNTP operation mode.
Syntax
set sntp client {broadcast | unicast | disable}
Parameters
broadcast    Enables SNTP in broadcast client mode.
unicast    Enables SNTP in unicast (point-to-point) client mode. In this mode, the client must supply the IP address from which to retrieve the current time.
disable    Disables SNTP.
Defaults
None.
Mode
Switch command, read-write.
set sntp server
Use this command to add a server from which the SNTP client will retrieve the current time when operating in unicast mode. Up to 10 servers can be set as SNTP servers.
Syntax
set sntp server ip-address [precedence]
Parameters
ip-address    Specifies the SNTP server’s IP address.
precedence    (Optional) Specifies this SNTP server’s precedence in relation to its peers. Valid values are 1 (highest) to 10 (lowest).
Defaults
If precedence is not specified, 1 will be applied.
set sntp poll-interval
Use this command to set the poll interval between SNTP unicast requests.
Syntax
set sntp poll-interval interval
Parameters
interval    Specifies the poll interval in seconds. Valid values are 16 to 16284.
Defaults
None.
Mode
Switch command, read-write.
set sntp poll-retry
Use this command to set the number of poll retries to a unicast SNTP server.
Syntax
set sntp poll-retry retry
Parameters
retry    Specifies the number of retries. Valid values are 0 to 10.
Defaults
None.
Mode
Switch command, read-write.
Example
This example shows how to set the number of SNTP poll retries to 5:
C3(su)->set sntp poll-retry 5

clear sntp poll-retry
Use this command to clear the number of poll retries to a unicast SNTP server.
set sntp poll-timeout
Use this command to set the poll timeout (in seconds) for a response to a unicast SNTP request.
Syntax
set sntp poll-timeout timeout
Parameters
timeout    Specifies the poll timeout in seconds. Valid values are 1 to 30.
Defaults
None.
Mode
Switch command, read-write.
Example
This example shows how to set the SNTP poll timeout to 10 seconds:
C3(su)->set sntp poll-timeout 10

clear sntp poll-timeout
Use this command to clear the SNTP poll timeout.
Configuring Node Aliases
Purpose: To review, disable, and re-enable node (port) alias functionality, which determines what network protocols are running on one or more ports.
Commands: show nodealias config, set nodealias, clear nodealias config

show nodealias config
Use this command to display node alias configuration settings on one or more ports.
Table 11-7 show nodealias config Output Details
Output         What It Displays...
Port Number    Port designation.
Max Entries    Maximum number of alias entries configured for this port.
Used Entries   Number of alias entries (out of the maximum amount configured) already used by this port.
Status         Whether or not a node alias agent is enabled (default) or disabled on this port.
clear nodealias config
Use this command to reset node alias state to enabled and clear the maximum entries value.
Syntax: clear nodealias config port-string
Parameters:
  port-string - Specifies the port(s) on which to reset the node alias configuration.
Defaults: None.
Mode: Switch command, read-write.
Example: This example shows how to reset the node alias configuration on fe.1.3:
  C3(su)->clear nodealias config fe.1.
12 Configuring RMON
This chapter describes the commands used to configure RMON on a SecureStack C3 switch.
RMON Monitoring Group Functions
Table 12-1 RMON Monitoring Group Functions and Commands (Continued)
RMON Group: History
What It Does...: Records periodic statistical samples from a network.
What It Monitors...: Sample period, number of samples and item(s) sampled.
Statistics Group Commands
Purpose: To display, configure, and clear RMON statistics.
Commands: show rmon stats, set rmon stats, clear rmon stats

show rmon stats
Use this command to display RMON statistics measured for one or more ports.
Syntax: show rmon stats [port-string]
Parameters:
  port-string - (Optional) Displays RMON statistics for specific port(s).
Table 12-2 provides an explanation of the command output.
Table 12-2 show rmon stats Output Details
Output        What It Displays...
Port          Port designation.
Owner         Name of the entity that configured this entry. Monitor is default.
Data Source   Data source of the statistics being displayed.
Drop Events   Total number of times that the switch was forced to discard frames due to lack of available switch device resources.
set rmon stats
Use this command to configure an RMON statistics entry.
Syntax: set rmon stats index port-string [owner]
Parameters:
  index - Specifies an index for this statistics entry.
  port-string - Specifies port(s) to which this entry will be assigned.
  owner - (Optional) Assigns an owner for this entry.
Defaults: If owner is not specified, monitor will be applied.
Mode: Switch command, read-write.
Example: This example shows how to configure RMON statistics entry 2 for ge.1.
clear rmon stats
Use this command to delete one or more RMON statistics entries.
Syntax: clear rmon stats {index-list | to-defaults}
Parameters:
  index-list - Specifies one or more stats entries to be deleted, causing them to disappear from any future RMON queries.
  to-defaults - Resets all history entries to default values. This will cause entries to reappear in RMON queries.
Defaults: None.
Mode: Switch command, read-write.
History Group Commands
Purpose: To display, configure, and clear RMON history properties and statistics.
Commands: show rmon history, set rmon history, clear rmon history

show rmon history
Use this command to display RMON history properties and statistics. The RMON history group records periodic statistical samples from a network.
Sample 2779        Interval Start: 1 days 0 hours 2 minutes 22 seconds
Drop Events      = 0        Undersize Pkts = 0
Octets           = 0        Oversize Pkts  = 0
Packets          = 0        Fragments      = 0
Broadcast Pkts   = 0        Jabbers        = 0
Multicast Pkts   = 0        Collisions     = 0
CRC Align Errors = 0        Utilization(%) = 0

set rmon history
Use this command to configure an RMON history entry.
Syntax: set rmon history index [port-string] [buckets buckets] [interval interval] [owner owner]
Parameters:
  index-list - Specifies an index number for this entry.
clear rmon history
Use this command to delete one or more RMON history entries or reset one or more entries to default values. For specific values, refer to “set rmon history” on page 12-8.
Syntax: clear rmon history {index-list | to-defaults}
Parameters:
  index-list - Specifies one or more history entries to be deleted, causing them to disappear from any future RMON queries.
  to-defaults - Resets all history entries to default values. This will cause entries to reappear in RMON queries.
Alarm Group Commands
Purpose: To display, configure, and clear RMON alarm entries and properties.
Commands: show rmon alarm, set rmon alarm properties, set rmon alarm status, clear rmon alarm

show rmon alarm
Use this command to display RMON alarm entries. The RMON alarm group periodically takes statistical samples from RMON variables and compares them with previously configured thresholds.
Table 12-3 show rmon alarm Output Details
Output          What It Displays...
Index           Index number for this alarm entry.
Owner           Text string identifying who configured this entry.
Status          Whether this event entry is enabled (valid) or disabled.
Variable        MIB object to be monitored.
Sample Type     Whether the monitoring method is an absolute or a delta sampling.
Startup Alarm   Whether alarm generated when this entry is first enabled is rising, falling, or either.
set rmon alarm properties (parameters, continued)
startup rising | falling | either - (Optional) Specifies the type of alarm generated when this event is first enabled as:
  • Rising - Sends alarm when an RMON event reaches a maximum threshold condition, for example, more than 30 collisions per second.
  • Falling - Sends alarm when RMON event falls below a minimum threshold condition, for example when the network is behaving normally again.
  • Either - Sends alarm when either a rising or falling threshold is reached.
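How the rising and falling thresholds, the sample type and the startup setting interact, as an added Python example that is not part of the Enterasys guide. It assumes the switch follows the standard RMON alarm behaviour of RFC 2819 (one alarm per crossing, re-armed only after the opposite threshold is reached); the function name, thresholds and counter readings are constructed for illustration.

```python
"""Simulate RMON alarm evaluation with rising/falling thresholds (added example)."""


def evaluate_alarm(samples, rising, falling, sample_type="delta", startup="either"):
    """Return a list of (sample_index, 'rising' | 'falling', value) alarms.

    samples     -- successive readings of the monitored variable
    sample_type -- 'absolute': compare each reading with the thresholds
                   'delta':    compare the change since the previous reading
    startup     -- alarm allowed on the first evaluated value:
                   'rising', 'falling' or 'either'
    """
    if sample_type not in ("absolute", "delta"):
        raise ValueError("sample_type must be 'absolute' or 'delta'")
    if startup not in ("rising", "falling", "either"):
        raise ValueError("startup must be 'rising', 'falling' or 'either'")
    if falling > rising:
        # Sanity check of this example, not a documented switch rule.
        raise ValueError("falling threshold must not exceed rising threshold")

    if sample_type == "delta":
        values = [(i, samples[i] - samples[i - 1]) for i in range(1, len(samples))]
    else:
        values = list(enumerate(samples))

    alarms = []
    rising_armed = falling_armed = True
    prev = None
    for idx, value in values:
        if prev is None:
            # First evaluated value: only the startup setting gates the alarm.
            crossed_up = value >= rising and startup in ("rising", "either")
            crossed_down = value <= falling and startup in ("falling", "either")
        else:
            # Later values: the threshold must be crossed since the last sample
            # and the alarm must have been re-armed by the opposite event.
            crossed_up = rising_armed and value >= rising > prev
            crossed_down = falling_armed and value <= falling < prev

        if crossed_up:
            alarms.append((idx, "rising", value))
            rising_armed, falling_armed = False, True
        elif crossed_down:
            alarms.append((idx, "falling", value))
            falling_armed, rising_armed = False, True
        prev = value
    return alarms


# Constructed cumulative collision counter, read once per interval.
COLLISION_COUNTER = [100, 110, 150, 195, 230, 240, 243, 290, 292]

if __name__ == "__main__":
    # Rising threshold 30 per interval, falling threshold 5 per interval.
    for alarm in evaluate_alarm(COLLISION_COUNTER, rising=30, falling=5):
        print(alarm)
```

With delta sampling the sustained burst (40, 45, 35 per interval) produces a single rising alarm, and a second rising alarm appears only after the rate has dropped to the falling threshold.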
set rmon alarm status
Use this command to enable an RMON alarm entry. An alarm is a notification that a statistical sample of a monitored variable has crossed a configured threshold.
Syntax: set rmon alarm status index enable
Parameters:
  index - Specifies an index number for this entry. Maximum number of entries is 50. Maximum value is 65535.
  enable - Enables this alarm entry.
Defaults: None.
Mode: Switch command, read-write.
clear rmon alarm
Use this command to delete an RMON alarm entry.
Syntax: clear rmon alarm index
Parameters:
  index - Specifies the index number of entry to be cleared.
Defaults: None.
Mode: Switch command, read-write.
Event Group Commands
Purpose: To display and clear RMON events, and to configure RMON event properties.
Commands: show rmon event, set rmon event properties, set rmon event status, clear rmon event

show rmon event
Use this command to display RMON event entry properties.
Syntax: show rmon event [index]
Parameters:
  index - (Optional) Displays RMON properties and log entries for a specific entry index ID.
Table 12-4 show rmon event Output Details
Output        What It Displays...
Index         Index number for this event entry.
Owner         Text string identifying who configured this entry.
Status        Whether this event entry is enabled (valid) or disabled.
Description   Text string description of this event.
Type          Whether the event notification will be a log entry, an SNMP trap, both, or none.
Community     SNMP community name if message type is set to trap.
Example: This example shows how to create and enable an RMON event entry called “STP topology change” that will send both a log entry and an SNMP trap message to the “public” community:
  C3(rw)->set rmon event properties 2 description "STP topology change" type both community public owner Manager

set rmon event status
Use this command to enable an RMON event entry. An event entry describes the parameters of an RMON event that can be triggered.
clear rmon event
Use this command to delete an RMON event entry and any associated log entries.
Syntax: clear rmon event index
Parameters:
  index - Specifies the index number of the entry to be cleared.
Defaults: None.
Mode: Switch command, read-write.
Filter Group Commands
The packet capture and filter function is disabled by default. When it is enabled, the SecureStack C3 switch will capture 100 frames as close to sequentially as possible. These 100 frames will be placed into a buffer for inspection. If there is data in the buffer when the function is started, the buffer will be overwritten. Once 100 frames have been captured, the capture will stop. Filtering will be performed on the frames captured in the buffer.
C3(rw)->show rmon channel fe.2.12
Port fe.2.12 Channel index= 628 EntryStatus= valid
----------------------------------------------------------
Control        off
AcceptType     matched
OnEventIndex   0
OffEventIndex  0
EventIndex     0
Status         ready
Matches        4498
Description    Thu Dec 16 12:57:32 EST 2004
Owner          NetSight smith

set rmon channel
Use this command to configure an RMON channel entry.
clear rmon channel
Use this command to clear an RMON channel entry.
Syntax: clear rmon channel index
Parameters:
  index - Specifies the channel entry to be cleared.
Defaults: None.
Mode: Switch command, read-write.
Example: This example shows how to clear RMON channel entry 2:
  C3(rw)->clear rmon channel 2

show rmon filter
Use this command to display one or more RMON filter entries.
Data          ff ff ff ff ff ff
-----------------------------
DataMask      ff ff ff ff ff ff
-----------------------------
DataNotMask   00 00 00 00 00 00

set rmon filter
Use this command to configure an RMON filter entry.
Syntax: set rmon filter index channel-index [offset offset] [status status] [smask smask] [snotmask snotmask] [data data] [dmask dmask] [dnotmask dnotmask] [owner owner]
Parameters:
  index - Specifies an index number for this entry.
clear rmon filter
Use this command to clear an RMON filter entry.
Syntax: clear rmon filter {index index | channel channel}
Parameters:
  index index | channel channel - Clears a specific filter entry, or all entries belonging to a specific channel.
Defaults: None.
Mode: Switch command, read-write.
Packet Capture Commands
Note that packet capture filter is sampling only and does not guarantee receipt of back to back packets.
Purpose: To display RMON capture entries, configure, enable, or disable capture entries, and clear capture entries.
Commands: show rmon capture, set rmon capture, clear rmon capture

show rmon capture
Use this command to display RMON capture entries and associated buffer control entries.
set rmon capture Owner monitor captureEntry= 1 Buff.
Mode: Switch command, read-write.
Example: This example shows how to create RMON capture entry 1 to “listen” on channel 628:
  C3(rw)->set rmon capture 1 628

clear rmon capture
Use this command to clear an RMON capture entry.
Syntax: clear rmon capture index
Parameters:
  index - Specifies the capture entry to be cleared.
Defaults: None.
Mode: Switch command, read-write.
13 Configuring DHCP Server
This chapter describes the commands to configure the IPv4 DHCP server functionality on a SecureStack C3 switch.
DHCP Overview
The amount of time that a particular IP address is valid for a system is called a lease. The SecureStack C3 maintains a lease database which contains information about each assigned IP address, the MAC address to which it is assigned, the lease expiration, and whether the address assignment is dynamic (automatic) or static (manual). The DHCP lease database is stored in flash memory.
Configuring General DHCP Server Parameters
Purpose: To configure DHCP server parameters, and to display and clear address binding information, server statistics, and conflict information.
Commands: Commands to configure DHCP server parameters and to display and clear DHCP server information are listed below.
Example: This example enables DHCP server functionality.
  C3(rw)->set dhcp enable

set dhcp bootp
Use this command to enable or disable automatic address allocation for BOOTP clients. By default, address allocation for BOOTP clients is disabled. Refer to RFC 1534, “Interoperation Between DHCP and BOOTP,” for more information.
Syntax: set dhcp bootp {enable | disable}
Parameters:
  enable | disable - Enable or disable address allocation for BOOTP clients.
Defaults: None.
show dhcp conflict
Use this command to display conflict information, for one address or all addresses.
Syntax: show dhcp conflict [address]
Parameters:
  address - (Optional) Specifies the address for which to display conflict information.
Defaults: If no address is specified, conflict information for all addresses is displayed.
Mode: Read-only.
Example: This example displays conflict information for all addresses. Note that ping is the only detection method used.
Examples:
This example disables DHCP conflict logging.
  C3(rw)->clear dhcp conflict logging
This example clears the conflict information for the IP address 192.0.0.2.
  C3(rw)->clear dhcp conflict 192.0.0.2

set dhcp exclude
Use this command to configure the IP addresses that the DHCP server should not assign to DHCP clients. Multiple address ranges can be configured but the ranges cannot overlap. Up to 128 non-overlapping address ranges can be excluded.
clear dhcp exclude
Use this command to clear the configured IP addresses that the DHCP server should not assign to DHCP clients.
Syntax: clear dhcp exclude low-ipaddr [high-ipaddr]
Parameters:
  low-ipaddr - Specifies the first IP address in the address range to be cleared.
  high-ipaddr - (Optional) Specifies the last IP address in the address range to be cleared.
Defaults: None.
Mode: Switch command, read-write.
clear dhcp ping
Use this command to reset the number of ping packets sent by the DHCP server back to the default value of 2.
Syntax: clear dhcp ping packets
Parameters: None.
Defaults: None.
Mode: Switch command, read-write.
Example: This example resets the number of ping packets sent back to the default value.
  C3(rw)->clear dhcp ping packets

show dhcp binding
Use this command to display binding information for one or all IP addresses.
192.0.0.13   00:33:44:56:22:37   infinite   Manual
192.0.0.14   00:33:44:56:22:38   infinite   Manual

clear dhcp binding
Use this command to clear (delete) one or all DHCP address bindings.
Syntax: clear dhcp binding {ip-addr | *}
Parameters:
  ip-addr - Specifies the IP address for which to clear/delete the DHCP binding.
  * - Delete all address bindings.
Defaults: None.
Mode: Switch command, read-write.
Example: This example deletes the DHCP address binding for IP address 192.168.1.1.
Messages        Received
----------      ----------
DHCP DISCOVER   382
DHCP REQUEST    3855
DHCP DECLINE    0
DHCP RELEASE    67
DHCP INFORM     1

Messages
----------
DHCP OFFER
DHCP ACK
DHCP NACK

clear dhcp server statistics
Use this command to clear all DHCP server counters.
Syntax: clear dhcp server statistics
Parameters: None.
Defaults: None.
Mode: Switch command, read-write.
Example: This example clears all DHCP server counters.
Configuring IP Address Pools
Manual Pool Configuration Considerations
  • The subnet of the IP address being issued should be on the same subnet as the ingress interface (that is, the subnet of the host IP address of the switch, or if routing interfaces are configured, the subnet of the routing interface).
set dhcp pool
Use this command to create and assign a name to a DHCP server pool of addresses. Up to 16 address pools may be configured on a SecureStack C3. Note that entering this command is not required to create an address pool before configuring other address pool parameters.
Syntax: set dhcp pool poolname
Parameters:
  poolname - Specifies the name of the address pool. Pool names may be up to 31 characters in length.
Defaults: None.
Mode: Switch command, read-write.
set dhcp pool network
Use this command to configure the subnet number and mask for an automatic DHCP address pool.
Syntax: set dhcp pool poolname network number {mask | prefix-length}
Parameters:
  poolname - Specifies the name of the address pool. Pool names may be up to 31 characters in length.
  number - Specifies an IP subnet for the address pool.
  mask - Specifies the subnet mask in dotted quad notation.
  prefix-length - Specifies the subnet mask as an integer.
Defaults: None.
Defaults: None.
Mode: Switch command, read-write.
Example: This example deletes the network and mask from the address pool named “auto1.”
  C3(rw)->clear dhcp pool auto1 network

set dhcp pool hardware-address
Use this command to configure the MAC address of the DHCP client and create an address pool for manual binding. You can use either this command or the set dhcp pool client-identifier command to create a manual binding pool, but using both is not recommended.
clear dhcp pool hardware-address
Use this command to remove the hardware address of a DHCP client from a manual binding address pool.
Syntax: clear dhcp pool poolname hardware-address
Parameters:
  poolname - Specifies the name of the address pool. Pool names may be up to 31 characters in length.
Defaults: None.
Mode: Switch command, read-write.
Example: This example deletes the client hardware address from the address pool named “manual1.
  C3(rw)->set dhcp pool manual1 hardware-address 0001.f401.2710
  C3(rw)->set dhcp pool manual1 host 15.12.1.99 255.255.248.0

clear dhcp pool host
Use this command to remove the host IP address from a manual binding address pool.
Syntax: clear dhcp pool poolname host
Parameters:
  poolname - Specifies the name of the address pool. Pool names may be up to 31 characters in length.
Defaults: None.
Mode: Switch command, read-write.
Usage: The client identifier is formed by concatenating the media type and the MAC address. For example, if the client hardware type is Ethernet and the client MAC address is 00:01:22:33:44:55, then the client identifier configured with this command must be 01:00:01:22:33:44:55.
Example: This example shows how to configure the minimum requirements for a manual binding address pool, using a client identifier rather than the hardware address of the client’s hardware platform.
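A pre-check for a manual binding, as an added Python example that is not part of the Enterasys guide: it derives the client identifier as described above, verifies that the host address sits on the ingress interface's subnet (the manual pool consideration stated earlier), and renders the two hardware-address and host commands in the form shown in this chapter. The function names and the ingress subnet value are hypothetical.

```python
"""Validate a DHCP manual binding before typing it into the switch (added example)."""
import ipaddress
import re

ETHERNET_MEDIA_TYPE = 0x01  # the "01" prefix the guide uses for Ethernet
MAX_POOL_NAME = 31          # pool name limit stated in the guide


def parse_mac(mac):
    """Accept 00:01:22:33:44:55, 00-01-22-33-44-55 or 0001.2233.4455; return 6 bytes."""
    digits = re.sub(r"[:.\-]", "", mac)
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(digits)


def client_identifier(mac, media_type=ETHERNET_MEDIA_TYPE):
    """Media type byte followed by the MAC, colon-separated."""
    raw = bytes([media_type]) + parse_mac(mac)
    return ":".join(f"{b:02x}" for b in raw)


def dotted_mac(mac):
    """MAC in the xxxx.xxxx.xxxx form used by the hardware-address example."""
    hexstr = parse_mac(mac).hex()
    return ".".join(hexstr[i:i + 4] for i in range(0, 12, 4))


def manual_binding_commands(pool, mac, host_ip, mask, ingress_subnet):
    """Return the CLI lines for a manual binding, or raise ValueError.

    ingress_subnet is the subnet of the switch host IP or routing interface
    that receives the client's requests (supplied by the operator).
    """
    if not pool or len(pool) > MAX_POOL_NAME:
        raise ValueError(f"pool name must be 1-{MAX_POOL_NAME} characters")
    host = ipaddress.IPv4Interface(f"{host_ip}/{mask}")
    ingress = ipaddress.IPv4Network(ingress_subnet)
    if host.network != ingress:
        raise ValueError(f"{host} is not on ingress subnet {ingress}")
    if host.ip in (ingress.network_address, ingress.broadcast_address):
        raise ValueError(f"{host.ip} is not a usable host address in {ingress}")
    return [
        f"set dhcp pool {pool} hardware-address {dotted_mac(mac)}",
        f"set dhcp pool {pool} host {host.ip} {host.netmask}",
    ]


if __name__ == "__main__":
    print(client_identifier("00:01:22:33:44:55"))
    # 15.12.0.0/21 is a constructed ingress subnet matching the guide's host example.
    for line in manual_binding_commands(
        "manual1", "00:01:f4:01:27:10", "15.12.1.99", "255.255.248.0", "15.12.0.0/21"
    ):
        print(line)
```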
set dhcp pool client-name
Use this command to assign a name to a DHCP client when creating an address pool for manual binding.
Syntax: set dhcp pool poolname client-name name
Parameters:
  poolname - Specifies the name of the address pool. Pool names may be up to 31 characters in length.
  name - Specifies the name to be assigned to this client. Client names may be up to 31 characters in length.
Defaults: None.
Mode: Switch command, read-write.
set dhcp pool bootfile
Use this command to specify a default boot image for the DHCP clients who will be served by the address pool being configured.
Syntax: set dhcp pool poolname bootfile filename
Parameters:
  poolname - Specifies the name of the address pool. Pool names may be up to 31 characters in length.
  filename - Specifies the boot image file name.
Defaults: None.
Mode: Switch command, read-write.
Example: This example sets the boot image filename for address pool named “auto1.
set dhcp pool next-server
Use this command to specify the file server from which the default boot image is to be loaded by the client.
Syntax: set dhcp pool poolname next-server ip-address
Parameters:
  poolname - Specifies the name of the address pool. Pool names may be up to 31 characters in length.
  ip-address - Specifies the IP address of the file server the DHCP client should contact to load the default boot image.
Defaults: None.
Mode: Switch command, read-write.
set dhcp pool lease
Use this command to specify the duration of the lease for an IP address assigned by the DHCP server from the address pool being configured.
Syntax: set dhcp pool poolname lease {days [hours [minutes]] | infinite}
Parameters:
  poolname - Specifies the name of the address pool. Pool names may be up to 31 characters in length.
  days - Specifies the number of days an address lease will remain valid. Value can range from 0 to 59.
Mode: Switch command, read-write.
Example: This example restores the default lease duration of one day for address pool “auto1.”
  C3(rw)->clear dhcp pool auto1 lease

set dhcp pool default-router
Use this command to specify a default router list for the DHCP clients served by the address pool being configured. Up to 8 default routers can be configured.
Syntax: set dhcp pool poolname default-router address [address2 ...
clear dhcp pool default-router
Use this command to delete the default routers configured for this address pool.
Syntax: clear dhcp pool poolname default-router
Parameters:
  poolname - Specifies the name of the address pool. Pool names may be up to 31 characters in length.
Defaults: None.
Mode: Switch command, read-write.
Example: This example removes the default router from the address pool “auto1.
clear dhcp pool dns-server
Use this command to remove the DNS server list from the address pool being configured.
Syntax: clear dhcp pool poolname dns-server
Parameters:
  poolname - Specifies the name of the address pool. Pool names may be up to 31 characters in length.
Defaults: None.
Mode: Switch command, read-write.
Example: This example removes the DNS server list from the address pool “auto1.
clear dhcp pool domain-name
Use this command to remove the domain name from the address pool being configured.
Syntax: clear dhcp pool poolname domain-name
Parameters:
  poolname - Specifies the name of the address pool. Pool names may be up to 31 characters in length.
Defaults: None.
Mode: Switch command, read-write.
Example: This example removes the domain name from the address pool “auto1.
clear dhcp pool netbios-name-server
Use this command to remove the NetBIOS name server list from the address pool being configured.
Syntax: clear dhcp pool poolname netbios-name-server
Parameters:
  poolname - Specifies the name of the address pool. Pool names may be up to 31 characters in length.
Defaults: None.
Mode: Switch command, read-write.
Example: This example removes the NetBIOS name server list from the address pool auto1.
clear dhcp pool netbios-node-type
Use this command to remove the NetBIOS node type from the address pool being configured.
Syntax: clear dhcp pool poolname netbios-node-type
Parameters:
  poolname - Specifies the name of the address pool. Pool names may be up to 31 characters in length.
Defaults: None.
Mode: Switch command, read-write.
Example: This example removes the NetBIOS node type from the address pool “auto1.
Examples:
This example configures DHCP option 19, which specifies whether the client should configure its IP layer for packet forwarding. In this case, IP forwarding is enabled with the 01 value.
  C3(rw)->set dhcp pool auto1 option 19 hex 01
This example configures DHCP option 72, which assigns one or more Web servers for DHCP clients. In this case, two Web server addresses are configured.
  C3(rw)->set dhcp pool auto1 option 72 ip 168.24.3.252 168.24.3.
show dhcp pool configuration
Use this command to display configuration information for one or all address pools.
Syntax: show dhcp pool configuration {poolname | all}
Parameters:
  poolname - Specifies the name of the address pool. Pool names may be up to 31 characters in length.
Defaults: None.
Mode: Read-only.
Example: This example displays configuration information for all address pools.
14 Preparing for Router Mode
This chapter describes how to prepare the switch for routing.
Sections: Pre-Routing Configuration Tasks, Enabling Router Configuration Modes

Pre-Routing Configuration Tasks
Startup and general configuration of the SecureStack C3 switch must occur from the switch CLI.
Table 14-1 Enabling the Switch for Routing
Step 1 - To do this task: From admin (su) mode, enable router mode. Type this command: router. At this prompt: Switch: C3(su)->
Step 2 - To do this task: Enable router Privileged EXEC mode. Type this command: enable. At this prompt: Router: C3(su)->router>
Step 3 - To do this task: Enable global router configuration mode. Type this command: configure. At this prompt: Router: C3(su)->router#
Step 4 - To do this task: Enable interface configuration mode using the routing VLAN or loopback id.
Enabling Router Configuration Modes
The SecureStack C3 CLI provides different modes of router operation for issuing a subset of commands from each mode. Table 14-2 describes these modes of operation.
Table 14-2 Router CLI Configuration Modes
Use this mode...: Privileged EXEC Mode
  To...: Set system operating parameters. Show configuration parameters.
  Access method...: From the switch CLI: Type router, then type enable.
  Resulting Prompt...: C3(su)->router>
15 IP Configuration
This chapter describes the Internet Protocol (IP) configuration set of commands and how to use them.
Router: Unless otherwise noted, the commands covered in this chapter can be executed only when the device is in router mode. For details on how to enable router configuration modes, refer to “Enabling Router Configuration Modes” on page 14-3.
Commands (continued): show running-config, no shutdown, no ip routing

show interface
Use this command to display information about one or more interfaces (VLANs or loopbacks) configured on the router.
Syntax: show interface [vlan vlan-id] [loopback loop-id]
Parameters:
  vlan vlan-id - (Optional) Displays interface information for a specific VLAN interface.
interface
Use this command to configure interfaces for IP routing.
Syntax: interface vlan vlan-id | loopback loop-id
Parameters:
  vlan vlan-id - Specifies the number of the VLAN interface to be configured for routing. This interface must be configured for IP routing as described in “Pre-Routing Configuration Tasks” on page 14-1.
  loopback loop-id - Specifies the number of the loopback interface to be configured for routing. The value of loop-id can range from 0 to 7.
Defaults: None.
This example shows how to enter configuration mode for loopback 1:
  C3(su)->router#configure
  C3(su)->router(Config)#interface loopback 1
  C3(su)->router(Config-if(Lpbk 1))#

show ip interface
Use this command to display information, including administrative status, IP address, MTU (Maximum Transmission Unit) size and bandwidth, and ACL configurations, for interfaces configured for IP.
Table 15-1 show ip interface Output Details (Continued)
Output                 What It Displays...
Frame Type             Encapsulation type used by this interface. Set using the arp command as described in “arp” on page 15-14.
MAC-Address            MAC address mapped to this interface.
Incoming Access List   Whether or not an access control list (ACL) has been configured for ingress on this interface using the commands described in “Configuring Access Lists” on page 21-70.
Outgoing Access List   Not applicable.
Example: This example sets the IP address to 192.168.1.1 and the network mask to 255.255.255.0 for VLAN 1:
  C3(su)->router(Config)#interface vlan 1
  C3(su)->router(Config-if(Vlan 1))#ip address 192.168.1.1 255.255.255.0

show running-config
Use this command to display the non-default, user-supplied commands entered while configuring the device.
Syntax: show running-config
Parameters: None.
Defaults: None.
Mode: Any router mode.
no shutdown
Use this command to enable an interface for IP routing and to allow the interface to automatically be enabled at device startup.
Syntax:
  no shutdown
  shutdown
Parameters: None.
Defaults: None.
Mode: Interface configuration: C3(su)->router(Config-if(Vlan 1))#
Usage: The shutdown form of this command disables an interface for IP routing.
Configuring Tunnel Interfaces
Purpose: The commands in this section describe how to create, delete, and manage tunnel interfaces. Several different types of tunnels provide functionality to facilitate the transition of IPv4 networks to IPv6 networks. These tunnels are divided into two classes: configured and automatic. The distinction is that configured tunnels are explicitly configured with a destination or endpoint of the tunnel.
The no form of this command removes the tunnel interface and associated configuration parameters.
Example: This example creates a configured tunnel interface 1.
  C3(su)->router(Config)# interface tunnel 1
  C3(su)->router(Config-if(Tnnl 1))#

tunnel source
This command specifies the IPv4 source transport address of the tunnel.
Syntax:
  tunnel source {ipv4-addr | interface vlan vlan-id}
  no tunnel source
Parameters:
  ipv4-addr - The IPv4 source address of the tunnel.
Defaults: None.
Mode: Router interface configuration: C3(su)->router(Config-if(Tnnl 1))#
Usage: The no form of this command removes the destination IPv4 address for the tunnel interface being configured.
Example: The following example configures the destination IPv4 address for tunnel 1.
  C3(su)->router(Config)# interface tunnel 1
  C3(su)->router(Config-if(Tnnl 1))#
  C3(su)->router(Config-if(Tnnl 1))# tunnel destination 192.168.10.
show interface tunnel
This command displays information about a configured tunnel interface.
Syntax: show interface tunnel tunnel-id
Parameters:
  tunnel-id - Specifies the tunnel for which to display information.
Defaults: None.
Mode: Router global configuration: C3(su)->router(Config)#
      Router privileged exec: C3(su)->router#
Usage: Use this command to display general interface information.
Reviewing and Configuring the ARP Table
Purpose: To review and configure the routing ARP table, to enable proxy ARP on an interface, and to set a MAC address on an interface.
Commands: The commands used to review and configure the ARP table are listed below:
Example: This example shows how to use the show ip arp command:
  C3(su)->router#show ip arp
  Protocol  Address          Age (min)  Hardware Addr   Type  Interface
  ------------------------------------------------------------------------------
  Internet  134.141.235.251  0          0003.4712.7a99  ARPA  Vlan1
  Internet  134.141.235.165  -          0002.1664.a5b3  ARPA  Vlan1
  Internet  134.141.235.167  4          00d0.cf00.4b74  ARPA  Vlan2
  C3(su)->router#show ip arp 134.141.235.
arp
Use this command to add or remove permanent (static) ARP table entries. Up to 1,000 static ARP entries are supported per SecureStack C3 system. A multicast MAC address can be used in a static ARP entry. The no form of this command removes the specified permanent ARP entry.
Syntax:
  arp ip-address mac-address arpa
  no arp ip-address
Parameters:
  ip-address - Specifies the IP address of a device on the network. Valid values are IP addresses in dotted decimal notation.
ip proxy-arp
Use this command to enable proxy ARP on an interface. The no form of this command disables proxy ARP.
Syntax:
  ip proxy-arp
  no ip proxy-arp
Parameters: None.
Defaults: Disabled.
Mode: Interface configuration: C3(su)->router(Config-if(Vlan 1))#
Usage: This variation of the ARP protocol allows the router to send an ARP response on behalf of an end node to the requesting host.
Example
This example shows how to set the ARP timeout to 7200 seconds:
C3(su)->router(Config)#arp timeout 7200

clear arp-cache
Use this command to delete all nonstatic (dynamic) entries from the ARP table.

Syntax
clear arp-cache

Parameters
None.

Mode
Privileged EXEC: C3(su)->router#

Defaults
None.
Configuring Broadcast Settings

Purpose
To configure IP broadcast settings.

Commands
The commands used to configure IP broadcast settings are listed below:
For information about...    Refer to page...
ip directed-broadcast       15-17
ip helper-address           15-18

ip directed-broadcast
Use this command to enable or disable IP directed broadcasts on an interface. The no form of this command disables IP directed broadcast globally.
ip helper-address
Use this command to enable DHCP/BOOTP relay and the forwarding of local UDP broadcasts specifying a new destination address on a routing interface. Up to 3 IP helper addresses may be configured per interface. The no form of this command disables the forwarding of UDP datagrams to the specified address.

Syntax
ip helper-address address
no ip helper-address address

Parameters
address    Address of the host where UDP broadcast packets should be forwarded.

Defaults
None.
Reviewing IP Traffic and Configuring Routes

Purpose
To review IP traffic and configure routes, to send router ICMP (ping) messages, and to execute traceroute.

Commands
The commands used to review IP traffic and configure routes are listed below:
For information about...    Refer to page...
show ip route               15-19
ip route                    15-20
ping                        15-21
traceroute                  15-22

show ip route
Use this command to display information about IP routes.
ip route

Usage
Routes are managed by the RTM (Route Table Manager), and are contained in the RIB (Route Information Base). This database contains all the active static routes, all the RIP routes, and up to three best routes to each network as determined by OSPF. The RTM selects up to three of the best routes to each network and installs these routes in the FIB (Forwarding Information Base).

Example
This example shows how to display all IP route information.
ping
Use this command to test routing network connectivity by sending IP ping requests.

Syntax
ping ip-address

Parameters
ip-address    Specifies the IP address of the system to ping.

Defaults
None.

Mode
Privileged EXEC: C3(su)->router#

Usage
This command is also available in switch mode.

Examples
This example shows output from a successful ping to IP address 182.127.63.23:
C3(su)->router#ping 182.127.63.23
182.127.63.
traceroute
Use this command to display a hop‐by‐hop path through an IP network from the device to a specific destination host. Three ICMP probes will be transmitted for each hop between the source and the traceroute destination.

Syntax
traceroute host

Parameters
host    Specifies a host to which the route of an IP packet will be traced.

Defaults
None.

Mode
Privileged EXEC: C3(su)->router#

Usage
There is also a traceroute command available in switch mode.
16 IPv4 Routing Protocol Configuration

This chapter describes the IPv4 Routing Protocol Configuration set of commands and how to use them.

Router: The commands covered in this chapter can be executed only when the device is in router mode. For details on how to enable router configuration modes, refer to “Enabling Router Configuration Modes” on page 14-3.

For information about...    Refer to page...
Configuring RIP

Purpose
To enable and configure the Routing Information Protocol (RIP).

RIP Configuration Task List and Commands
Table 16‐1 lists the tasks and commands associated with RIP configuration. Commands are described in the associated section as shown.

Table 16-1 RIP Configuration Task List and Commands
To do this...                     Use these commands...
Enable RIP configuration mode.    “router rip” on page 16-3
Enable RIP on an interface.
router rip
Use this command to enable or disable RIP configuration mode. The no form of this command disables RIP.

Syntax
router rip
no router rip

Parameters
None.

Defaults
None.

Mode
Global configuration: C3(su)->router(Config)#

Usage
You must execute the router rip command to enable the protocol before completing many RIP‐specific configuration tasks. For details on enabling configuration modes, refer to Table 14‐2 in “Enabling Router Configuration Modes” on page 14‐3.
Example
This example shows how to enable RIP on the VLAN 1 interface:
C3(su)->router(Config)#interface vlan 1
C3(su)->router(Config-if(Vlan 1))#ip rip enable

distance
Use this command to configure the administrative distance for RIP routes. The no form of this command resets RIP administrative distance to the default value of 120.

Syntax
distance weight
no distance [weight]

Parameters
weight    Specifies an administrative distance for RIP routes. Valid values are 1 ‐ 255.

Defaults
None.
ip rip send version
Use this command to set the RIP version(s) for update packets transmitted on an interface. The no form of this command restores the version of update packets that was transmitted by the RIP router.

Syntax
ip rip send version {1 | 2 | r1compatible}
no ip rip send version

Parameters
1    Specifies RIP version 1.
2    Specifies RIP version 2. This is the default setting.
Mode
Interface configuration: C3(su)->router(Config-if(Vlan 1))#

Defaults
None.

Example
This example shows how to set the RIP receive version to 2 for update packets received on the VLAN 1 interface:
C3(su)->router(Config)#interface vlan 1
C3(su)->router(Config-if(Vlan 1))#ip rip receive version 2

ip rip authentication-key
Use this command to enable or disable a RIP authentication key (password) for use on an interface.
ip rip message-digest-key
Use this command to enable or disable a RIP MD5 authentication key (password) for use on an interface. The no form of this command prevents RIP from using authentication.

Syntax
ip rip message-digest-key keyid md5 key
no ip rip message-digest-key keyid

Parameters
keyid    Specifies the key ID to enable or disable for RIP authentication. Valid values are 1 to 255.
md5      Specifies use of the MD5 algorithm.
key      Specifies the RIP authentication password.
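The following added example (not part of this guide or of Enterasys software) audits interface stanzas for the RIP authentication commands described above. It flags RIP-enabled VLANs that have no key or only an ip rip authentication-key password, and MD5 key IDs outside the documented range of 1 to 255. The configuration text is constructed, and the stanza layout and the argument to ip rip authentication-key are assumptions.

```python
import re

# Constructed sample, not taken from a device. Assumes per-interface commands
# appear under "interface vlan N" as in the CLI sessions in this guide.
# Key strings are placeholders.
SAMPLE_CONFIG = """\
interface vlan 1
 ip rip enable
 ip rip message-digest-key 5 md5 EXAMPLE-KEY-1
exit
interface vlan 2
 ip rip enable
 ip rip authentication-key EXAMPLE-KEY-2
exit
interface vlan 3
 ip rip enable
exit
interface vlan 4
 ip rip message-digest-key 300 md5 EXAMPLE-KEY-3
exit
interface vlan 5
 ip rip enable
 ip rip message-digest-key 7 md5 EXAMPLE-KEY-4
 no ip rip message-digest-key 7
exit
"""

IFACE_RE = re.compile(r"^interface vlan (\d+)$", re.IGNORECASE)
ENABLE_RE = re.compile(r"^(no )?ip rip enable$")
PLAIN_RE = re.compile(r"^(no )?ip rip authentication-key( \S+)?$")
MD5_RE = re.compile(r"^(no )?ip rip message-digest-key (\d+)( md5 \S+)?$")


def parse_rip_state(config_text):
    """Apply every line in order and return the resulting RIP state per VLAN."""
    state, current = {}, None
    for raw in config_text.splitlines():
        line = " ".join(raw.split())  # drop indentation and repeated spaces
        m = IFACE_RE.match(line)
        if m:
            current = state.setdefault(
                int(m.group(1)),
                {"enabled": False, "plain": False, "md5_keyids": set()})
            continue
        if current is None or not line:
            continue
        if line == "exit":
            current = None
        elif (m := ENABLE_RE.match(line)):
            current["enabled"] = m.group(1) is None
        elif (m := PLAIN_RE.match(line)):
            if m.group(1):
                current["plain"] = False          # "no" form removes the password
            elif m.group(2):
                current["plain"] = True
        elif (m := MD5_RE.match(line)):
            keyid = int(m.group(2))
            if m.group(1):
                current["md5_keyids"].discard(keyid)  # "no" form removes that key ID
            elif m.group(3):
                current["md5_keyids"].add(keyid)
    return state


def audit_rip_auth(config_text):
    """Return (vlan, code, detail) findings, ordered by VLAN."""
    findings = []
    for vlan, s in sorted(parse_rip_state(config_text).items()):
        invalid = sorted(k for k in s["md5_keyids"] if not 1 <= k <= 255)
        usable = s["md5_keyids"] - set(invalid)
        for k in invalid:
            findings.append((vlan, "invalid-keyid",
                             f"key ID {k} is outside the valid range 1 to 255"))
        if not s["enabled"] or usable:
            continue
        if s["plain"]:
            # Assumption: authentication-key is RIPv2 simple password
            # authentication, which RFC 2453 carries unencrypted in each update.
            findings.append((vlan, "plaintext-key",
                             "RIP enabled with a password but no MD5 key"))
        else:
            findings.append((vlan, "no-auth",
                             "RIP enabled with no authentication configured"))
    return findings


if __name__ == "__main__":
    for vlan, code, detail in audit_rip_auth(SAMPLE_CONFIG):
        print(f"vlan {vlan}: {code}: {detail}")
```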
no auto-summary
Use this command to disable automatic route summarization.

Syntax
no auto-summary
auto-summary

Parameters
None.

Defaults
None.

Mode
Router configuration: C3(su)->router(Config-router)#

Usage
By default, RIP version 2 supports automatic route summarization, which summarizes subprefixes to the classful network boundary when crossing network boundaries.
split-horizon poison
Use this command to enable or disable split horizon poison‐reverse mode for RIP packets. The no form of this command disables split horizon poison reverse.

Syntax
split-horizon poison
no split-horizon poison

Parameters
None.

Defaults
None.

Mode
Router configuration: C3(su)->router(Config-router)#

Usage
Split horizon prevents packets from exiting through the same interface on which they were received.
Usage
This command does not prevent RIP from monitoring updates on the interface.

Example
This example shows how to set VLAN 2 as a passive interface. No RIP updates will be transmitted on VLAN 2:
C3(su)->router(Config)#router rip
C3(su)->router(Config-router)#passive-interface vlan 2

receive-interface
Use this command to allow RIP to receive update packets on an interface. The no form of this command denies the reception of RIP updates.
redistribute
Use this command to allow routing information discovered through non‐RIP protocols to be distributed in RIP update messages. The no form of this command clears redistribution parameters.

Syntax
redistribute {connected | ospf process-id | static} [metric metric value] [subnets]
no redistribute {connected | ospf process-id | static}

Parameters
connected    Specifies that non‐RIP routing information discovered via directly connected interfaces will be redistributed.
Configuring OSPF

* Advanced License Required *
OSPF is an advanced routing feature that must be enabled with a license key. If you have purchased an advanced license key, and have enabled routing on the device, you must activate your license as described in “Activating Licensed Features” on page 3-29 in order to enable the OSPF command set. If you wish to purchase an advanced routing license, contact Enterasys Networks Sales.
Table 16-2 OSPF Configuration Task List and Commands (Continued)
To do this...    Use these commands...
• Define an area as a stub area.    “area stub” on page 16-24
• Set the cost value for the default route that is sent into a stub area.    “area default cost” on page 16-25
• Define an area as an NSSA.    “area nssa” on page 16-26
Create virtual links.    “area virtual-link” on page 16-27
Enable redistribution from non-OSPF routes.    “redistribute” on page 16-28
Monitor and maintain OSPF.
router id
Use this command to set the OSPF router ID for the device. This IP address must be set manually in order to run OSPF. The no form of this command removes the router ID for the device.

Syntax
router id ip-address
no router id

Parameters
ip-address    Specifies the IP address that OSPF will use as the router ID.

Defaults
None.

Mode
Router configuration: C3(su)->router(Config-router)#

Example
This example shows how to set the OSPF router ID to IP address 182.127.62.
Example
This example shows how to enable routing for OSPF process 1:
C3(su)->router#conf terminal
C3(su)->router(Config)#router ospf 1
C3(su)->router(Config-router)#

1583compatibility
Use this command to enable RFC 1583 compatibility on OSPF interfaces. The no form of this command disables RFC 1583 compatibility on OSPF interfaces.

Syntax
1583compatability
no 1583compatability

Parameters
None.

Defaults
None.
ip ospf enable
Use this command to enable OSPF on an interface. The no form of this command disables OSPF on an interface.

Syntax
ip ospf enable
no ip ospf enable

Parameters
None.

Defaults
None.
ip ospf cost
Use this command to set the cost of sending an OSPF packet on an interface. The no form of this command resets the OSPF cost to the default of 10.

Syntax
ip ospf cost cost
no ip ospf cost

Parameters
cost    Specifies the cost of sending a packet. Valid values range from 1 to 65535.

Defaults
None.

Mode
Interface configuration: C3(su)->router(Config-if(Vlan 1))#

Usage
Each router interface that participates in OSPF routing is assigned a default cost.
Usage
The priority value is communicated between routers by means of hello messages and influences the election of a designated router.

Example
This example shows how to set the OSPF priority to 20 for the VLAN 1 interface:
C3(su)->router(Config)#interface vlan 1
C3(su)->router(Config-if(Vlan 1))#ip ospf priority 20

timers spf
Use this command to change OSPF timer values to fine‐tune the OSPF network.
ip ospf retransmit-interval
Use this command to set the amount of time between retransmissions of link state advertisements (LSAs) for adjacencies that belong to an interface. The no form of this command resets the retransmit interval value to the default, 5 seconds.

Syntax
ip ospf retransmit-interval seconds
no ip ospf retransmit-interval

Parameters
seconds    Specifies the retransmit time in seconds. Valid values are 1 to 65535.

Defaults
None.
Example
This example shows how to set the time required to transmit a link state update packet on the VLAN 1 interface at 20 seconds:
C3(su)->router(Config)#interface vlan 1
C3(su)->router(Config-if(Vlan 1))#ip ospf transmit-delay 20

ip ospf hello-interval
Use this command to set the number of seconds a router must wait before sending a hello packet to neighbor routers on an interface. The no form of this command sets the hello interval value to the default value of 10 seconds.
ip ospf dead-interval
Use this command to set the number of seconds a router must wait to receive a hello packet from its neighbor before determining that the neighbor is out of service. The no form of this command sets the dead interval value to the default value of 40 seconds.
ip ospf message digest key md5

Usage
This password is used as a “key” that is inserted directly into the OSPF header in routing protocol packets. A separate password can be assigned to each OSPF network on a per‐interface basis. All neighboring routers on the same network must have the same password configured to be able to exchange OSPF information.
distance ospf
Use this command to configure the administrative distance for OSPF routes. The no form of this command resets OSPF administrative distance to the default values.

Syntax
distance ospf {external | inter-area | intra-area} weight
no distance ospf {external | inter-area | intra-area}

Parameters
external | inter-area | intra-area    Applies the distance value to external (type 5 and type 7), to inter‐area, or to intra‐area routes.
area range
Use this command to define the range of addresses to be used by Area Border Routers (ABRs) when they communicate routes to other areas. Each SecureStack C3 stack can support up to 4 OSPF areas. The no form of this command stops the routes from being summarized.

Syntax
area area-id range ip-address ip-mask [advertise | no-advertise]
no area area-id range ip-address ip-mask

Parameters
area-id    Specifies the area from which routes are to be summarized.
Mode
Router configuration: C3(su)->router(Config-router)#

Defaults
If no-summary is not specified, the stub area will be able to receive LSAs.

Example
The following example shows how to define OSPF area 10 as a stub area:
C3(su)->router(Config)#router ospf 1
C3(su)->router(Config-router)#area 10 stub

area default cost
Use this command to set the cost value for the default route that is sent into a stub area and NSSA by an Area Border Router (ABR).
area nssa
Use this command to configure an area as a Not So Stubby Area (NSSA). The no form of this command changes the NSSA back to a plain area.

Syntax
area area-id nssa [default-information-originate]
no area area-id nssa [default-information-originate]

Parameters
area-id    Specifies the NSSA area. Valid values are decimal values or IP addresses.
default-information-originate    (Optional) Generates a default of Type 7 into the NSSA. This is used when the router is an NSSA ABR.
area virtual-link
Use this command to define an OSPF virtual link, which represents a logical connection between the backbone and a non‐backbone OSPF area. The no form of this command removes the virtual link and/or its associated settings.
Mode
Router configuration: C3(su)->router(Config-router)#

Example
This example shows how to configure a virtual link over transition area 0.0.0.2 to router ID 192.168.7.2:
C3(su)->router(Config)#router ospf 1
C3(su)->router(Config-router)#area 0.0.0.2 virtual-link 192.168.7.2

redistribute
Use this command to allow routing information discovered through non‐OSPF protocols to be distributed in OSPF update messages. The no form of this command clears redistribution parameters.
Example
This example shows how to redistribute RIP routing information to non‐subnetted routes in OSPF routes:
C3(su)->router(Config)#router ospf
C3(su)->router(Config-router)#redistribute rip

show ip ospf
Use this command to display OSPF information.

Syntax
show ip ospf

Parameters
None.

Defaults
None.

Mode
Any router mode.

Example
This example shows how to display OSPF information:
C3(su)->router#show ip ospf
Routing process "ospf 1" with ID 155.155.155.
show ip ospf database
Use this command to display the OSPF link state database.

Syntax
show ip ospf database

Parameters
None.

Defaults
None.

Mode
Any router mode.

Example
This example shows how to display all OSPF link state database information. This is a portion of the command output:
C3(su)->router#show ip ospf database
OSPF Router with ID(155.155.155.155)
Displaying Ipnet Sum Link States(Area 0.0.0.0)
LinkID         ADV Router     Age    Seq#
192.168.16.0   155.155.155.
show ip ospf database

8.1.3.0        3.3.3.3        1502   0x80000003   0x27f5
8.1.4.0        3.3.3.3        1512   0x80000003   0x1c00

Table 16‐3 provides an explanation of the command output.

Table 16-3 show ip ospf database Output Details
Output     What It Displays...
Link ID    Link ID, which varies as a function of the link state record type, as follows:
           • Net Link States - Shows the interface IP address of the designated router to the broadcast network.
           • Router Link States - Shows the ID of the router originating the record.
show ip ospf interface
Use this command to display OSPF interface related information, including network type, priority, cost, hello interval, and dead interval.

Syntax
show ip ospf interface [vlan vlan-id]

Parameters
vlan vlan-id    (Optional) Displays OSPF information for a specific VLAN. This VLAN must be configured for IP routing as described in “Pre‐Routing Configuration Tasks” on page 14‐1.

Defaults
If vlan-id is not specified, OSPF statistics will be displayed for all VLANs.
show ip ospf neighbor

Table 16-4 show ip ospf interface Output Details (Continued)
Output                         What It Displays...
Interface Addr                 IP address of the designated router on this interface.
Backup Designated Router id    IP address of the backup designated router on this interface, if one exists, in which case Err will be displayed.
Timer intervals configured     OSPF timer intervals.
show ip ospf virtual-links

Table 16-5 show ip ospf neighbor Output Details
Output       What It Displays...
ID           Neighbor’s router ID of the OSPF neighbor.
Pri          Neighbor’s priority over this interface.
State        Neighbor’s OSPF communication state.
Dead-Int     Interval (in seconds) this router will wait without receiving a Hello packet from a neighbor before declaring the neighbor is down.
Address      Neighbor’s IP address.
Interface    Neighbor’s interface (VLAN).
Table 16-6 show ip ospf virtual links Output Details (Continued)
Output                        What It Displays...
Timer intervals configured    Timer intervals configured for the virtual link, including Hello, Wait, and Retransmit intervals.
Adjacency State               State of adjacency between this router and the virtual link neighbor of this router.

clear ip ospf process
Use this command to reset the OSPF process. This will require adjacencies to be reestablished and routes to be reconverged.
Configuring DVMRP

* Advanced License Required *
DVMRP is an advanced routing feature that must be enabled with a license key. If you have purchased an advanced license key, and have enabled routing on the device, you must activate your license as described in “Activating Licensed Features” on page 3-29 in order to enable the DVMRP command set. If you wish to purchase an advanced routing license, contact Enterasys Networks Sales.
ip dvmrp
Use this command to enable the DVMRP process. The no form of this command disables the DVMRP process.

Syntax
ip dvmrp
no ip dvmrp

Parameters
None.

Defaults
None.

Mode
Global configuration: C3(su)->router(Config)#

Example
This example shows how to enable the DVMRP process:
C3(su)->router(Config)#ip dvmrp

ip dvmrp enable
Use this command to enable DVMRP on an interface.
ip dvmrp metric
Use this command to configure the metric associated with a set of destinations for DVMRP reports.

Syntax
ip dvmrp metric metric

Parameters
metric    Specifies a metric associated with a set of destinations for DVMRP reports. Valid values are from 1 to 31.

Defaults
None.

Mode
Interface configuration: C3(su)->router(Config-if(Vlan 1))#

Usage
To reset the DVMRP metric back to the default value of 1, enter ip dvmrp metric 1.
show ip dvmrp

Example
This example shows how to display DVMRP status information:
C3(su)->router#show ip dvmrp
Vlan Id Metric Admin Status
-----------------------
10 Enabled
18 Enabled
20 Enabled
25 Enabled
32 Enabled
500 Enabled
Oper.
Configuring IRDP

Purpose
To enable and configure the ICMP Router Discovery Protocol (IRDP) on an interface. This protocol enables a host to determine the address of a router it can use as a default gateway. It is disabled by default.

Commands
The commands used to enable and configure IRDP are listed below:
For information about...    Refer to page...
ip irdp maxadvertinterval
Use this command to set the maximum interval in seconds between IRDP advertisements. The no form of this command resets the maximum advertisement interval to the default value of 600 seconds.

Syntax
ip irdp maxadvertinterval interval
no irdp maxadvertinterval

Parameters
interval    Specifies a maximum advertisement interval in seconds. Valid values are 4 to 1800.

Defaults
None.
Example
This example shows how to set the minimum IRDP advertisement interval to 500 seconds on the VLAN 1 interface:
C3(su)->router(Config)#interface vlan 1
C3(su)->router(Config-if(Vlan 1))#ip irdp minadvertinterval 500

ip irdp holdtime
Use this command to set the length of time in seconds IRDP advertisements are held valid. The no form of this command resets the hold time to the default value of three times the maxadvertinterval value, which is equal to 1800 seconds.
Defaults
None.

Mode
Interface configuration: C3(su)->router(Config-if(Vlan 1))#

Example
This example shows how to set IRDP preference on the VLAN 1 interface so that the interface’s address may still be advertised, but cannot be used by neighboring hosts as a default router address:
C3(su)->router(Config)#interface vlan 1
C3(su)->router(Config-if(Vlan 1))#ip irdp preference -2147483648

ip irdp broadcast
Use this command to configure IRDP to use the limited broadcast address of 255.255.
show ip irdp
Use this command to display IRDP information.

Syntax
show ip irdp [vlan vlan-id]

Parameters
vlan vlan-id    (Optional) Displays IRDP information for a specific VLAN. This VLAN must be configured for IP routing as described in “Pre‐Routing Configuration Tasks” on page 14‐1.

Defaults
If vlan vlan-id is not specified, IRDP information for all interfaces will be displayed.
Configuring VRRP

* Advanced License Required *
VRRP is an advanced routing feature that must be enabled with a license key. If you have purchased an advanced license key, and have enabled routing on the device, you must activate your license as described in “Activating Licensed Features” on page 3-29 in order to enable the VRRP command set. If you wish to purchase an advanced routing license, contact Enterasys Networks Sales.
router vrrp
Use this command to enable or disable VRRP configuration mode. The no form of this command removes all VRRP configurations from the running configuration.

Syntax
router vrrp
no router vrrp

Parameters
None.

Defaults
None.

Mode
Global configuration: C3(su)->router(Config)#

Usage
You must execute the router vrrp command to enable the protocol before completing other VRRP‐specific configuration tasks.
create
Use this command to create a VRRP session. Each SecureStack C3 system supports up to 20 VRRP sessions. The no form of this command disables the VRRP session.

Syntax
create vlan vlan-id vrid
no create vlan vlan-id vrid

Parameters
vlan vlan-id    Specifies the number of the VLAN on which to create a VRRP session. This VLAN must be configured for IP routing as described in “Pre‐Routing Configuration Tasks” on page 14‐1.
address
Use this command to configure a virtual router IP address. The no form of this command clears the VRRP address configuration.

Syntax
address vlan vlan-id vrid ip-address owner
no address vlan vlan-id vrid ip-address owner

Parameters
vlan vlan-id    Specifies the number of the VLAN on which to configure a virtual router address. This VLAN must be configured for IP routing as described in “Pre‐Routing Configuration Tasks” on page 14‐1.
priority
Use this command to set a priority value for a VRRP router. The no form of this command clears the VRRP priority configuration.

Syntax
priority vlan vlan-id vrid priority-value
no priority vlan vlan-id vrid priority-value

Parameters
vlan vlan-id    Specifies the number of the VLAN on which to configure VRRP priority. This VLAN must be configured for IP routing as described in “Pre‐Routing Configuration Tasks” on page 14‐1.
advertise-interval
Use this command to set the interval in seconds between VRRP advertisements. The no form of this command clears the VRRP advertise interval value.

Syntax
advertise-interval vlan vlan-id vrid interval
no advertise-interval vlan vlan-id vrid interval

Parameters
vlan vlan-id    Specifies the number of the VLAN on which to configure the VRRP advertisement interval. This VLAN must be configured for IP routing as described in “Pre‐Routing Configuration Tasks” on page 14‐1.
preempt
Use this command to enable or disable preempt mode on a VRRP router. The no form of this command disables preempt mode.

Syntax
preempt vlan-id vrid
no preempt vlan-id vrid

Parameters
vlan vlan-id    Specifies the number of the VLAN on which to set preempt mode. This VLAN must be configured for IP routing as described in “Pre‐Routing Configuration Tasks” on page 14‐1.
vrid            Specifies a unique Virtual Router ID (VRID) associated with the routing interface. Valid values are from 1 to 255.
enable
Use this command to enable VRRP on an interface. The no form of this command disables VRRP on an interface.

Syntax
enable vlan vlan-id vrid
no enable vlan vlan-id vrid

Parameters
vlan vlan-id    Specifies the number of the VLAN on which to enable VRRP. This VLAN must be configured for IP routing as described in “Pre‐Routing Configuration Tasks” on page 14‐1.
vrid            Specifies the Virtual Router ID (VRID) associated with the vlan-id. Valid values are from 1 to 255.

Defaults
None.
show ip vrrp
Use this command to display VRRP routing information.

Syntax
show ip vrrp

Parameters
None.

Defaults
None.

Mode
Any router mode.

Example
This example shows how to display VRRP information:
C3(su)->router(Config)#show ip vrrp
-----------VRRP CONFIGURATION----------
Vlan   Vrid   State        Owner   AssocIpAddr
2      1      Initialize   0       25.25.2.
Configuring PIM-SM

* Advanced License Required *
PIM is an advanced routing feature that must be enabled with a license key. If you have purchased an advanced license key, and have enabled routing on the device, you must activate your license as described in “Activating Licensed Features” on page 3-29 in order to enable the PIM command set. If you wish to purchase an advanced routing license, contact Enterasys Networks Sales.
ip pimsm
This command sets administrative mode of PIM‐SM multicast routing across the router to enabled. IGMP must be enabled before PIM‐SM can be enabled. By default, both IGMP and PIM are globally disabled. The no form of this command disables PIM across the entire stack.

Syntax
ip pimsm
no ip pimsm

Parameters
None.

Defaults
None.
ip pimsm enable
This command sets the administrative mode of PIM‐SM multicast routing on a routing interface to enabled. By default, PIM is disabled on all IP interfaces. The no form of this command disables PIM on the specific interface.

Syntax
ip pimsm enable
no ip pimsm enable

Parameters
None.

Defaults
None.

Mode
Interface configuration: C3(su)->router(Config-if(Vlan 1))#

Example
This example shows how to enable PIM on IP interface for VLAN 1.
ip pimsm query-interval
This command configures the transmission frequency of hello messages in seconds between PIM‐enabled neighbors. The no form of this command resets the hello interval to the default, 30 seconds.

Syntax
ip pimsm query-interval seconds
no ip pimsm query-interval

Parameters
seconds    This field has a range of 10 to 3600 seconds. Default is 30.

Defaults
None.
show ip pimsm componenttable

PIM-SM INTERFACE STATUS
VlanId      Interface Mode   Protocol State
---------   --------------   ----------------
8           Disable          Non-Operational
16          Enable           Operational
17          Enable           Operational
20          Enable           Operational
30          Enable           Operational
31          Disable          Non-Operational
32          Disable          Non-Operational
33          Disable          Non-Operational

Table 16‐7 provides an explanation of the command output.
show ip pimsm interface

COMPONENT TABLE
Component Index   Component BSR Address   Component BSR Expiry Time (hh:mm:ss)   Component CRP Hold Time (hh:mm:ss)
---------------   ---------------------   ------------------------------------   ----------------------------------
1                 192.168.30.2            00:02:10                               00:00:00

Table 16‐8 provides an explanation of the command output.

Table 16-8 show ip pimsm componenttable Output Detail
Output             What it displays
Component Index    This field displays a number which uniquely identifies the component.
show ip pimsm interface

Mode                     enable
Hello Interval (secs)    30 secs
CBSR Preference          -1
CRP Preference           -1
CBSR Hash Mask Length    30

Table 16‐9 provides an explanation of the show ip pimsm interface vlan command output.

Table 16-9 show ip pimsm interface vlan Output Details
Output         What it displays
IP Address     The IP address of the specified interface.
Subnet Mask    The Subnet Mask for the IP address of the PIM interface.
Mode           Indicates whether PIM-SM is enabled or disabled on the specified interface.
show ip pimsm neighbor
Display the router’s PIM neighbors.

Syntax
show ip pimsm neighbor [vlan-id]

Parameters
vlan-id    (Optional) Display all neighbors discovered on a specific Interface.

Mode
Any router mode.

Defaults
If the VLAN id is omitted, all neighbors off all interfaces will be displayed.
show ip pimsm rp
This command displays the PIM information for candidate Rendezvous Points (RPs) for all IP multicast groups or for a specific group address. The information in the table is displayed for each IP multicast group.

Syntax
show ip pimsm rp {group-address group-mask | all | candidate}

Parameters
group-address    The multicast group IP address.
group-mask       The multicast group address subnet mask.
all              For all known group addresses.
C3(su)->router> show ip pimsm rp candidate
CANDIDATE RP TABLE
Group Address     Group Mask        Address
---------------   ---------------   ---------------
224.0.0.0         240.0.0.0         192.168.30.2

show ip pimsm rphash
Displays the Rendezvous Point router that will be selected from the set of active RP routers. The RP router, for the group, is selected by using the hash algorithm defined in RFC 2362.

Syntax
show ip pimsm rphash group-address

Parameters
group-address    The Group Address for the RP.
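The RP selection that show ip pimsm rphash reports can be reproduced offline. This added example (not Enterasys code) implements the RFC 2362 hash function and selection rule, using the hash mask length of 30 and the RP address 192.168.30.2 from the sample output in this chapter. The other RP addresses, the priorities and the test group are constructed, and nothing is assumed about the switch beyond its use of the RFC 2362 hash.

```python
import ipaddress

LCG_MULT = 1103515245   # constants from the RFC 2362 hash function
LCG_INC = 12345


def hash_mask(mask_len):
    """32-bit mask with mask_len leading one bits (the BSR hash mask)."""
    return (0xFFFFFFFF << (32 - mask_len)) & 0xFFFFFFFF


def rp_hash(group_masked, rp_addr):
    """Value(G,M,C) = (A*((A*(G&M)+B) XOR C)+B) mod 2^31, with G&M precomputed."""
    inner = (LCG_MULT * group_masked + LCG_INC) ^ rp_addr
    return (LCG_MULT * inner + LCG_INC) % (1 << 31)


def select_rp(group, hash_mask_len, rp_set):
    """Pick the RP for a group from (rp_address, group_prefix, priority) entries.

    Only entries whose prefix covers the group are considered; the lowest
    priority value wins; among those the highest hash value wins; a tie on
    the hash is broken by the highest RP address. Returns None if no entry
    covers the group.
    """
    g = ipaddress.IPv4Address(group)
    covering = [(ipaddress.IPv4Address(addr), prio)
                for addr, prefix, prio in rp_set
                if g in ipaddress.IPv4Network(prefix)]
    if not covering:
        return None
    best_prio = min(prio for _, prio in covering)
    masked = int(g) & hash_mask(hash_mask_len)
    finalists = [addr for addr, prio in covering if prio == best_prio]
    winner = max(finalists, key=lambda a: (rp_hash(masked, int(a)), int(a)))
    return str(winner)


# Constructed RP set. Prefixes use the "Group Address/Group Mask" form of the
# tables in this chapter; only 192.168.30.2 comes from the sample output.
RP_SET = [
    ("192.168.30.2", "224.0.0.0/240.0.0.0", 0),
    ("192.168.30.3", "224.0.0.0/240.0.0.0", 0),
    ("192.168.30.4", "224.0.0.0/240.0.0.0", 10),  # worse priority, never chosen here
]
HASH_MASK_LEN = 30  # "CBSR Hash Mask Length" in the sample output

if __name__ == "__main__":
    for last_octet in range(0, 8):
        grp = f"239.1.1.{last_octet}"
        print(grp, "->", select_rp(grp, HASH_MASK_LEN, RP_SET))
```

With a 30-bit hash mask, each block of four consecutive group addresses maps to the same RP, which is what the loop at the end prints.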
show ip pimsm staticrp

Example
This example shows how to display PIM information.
C3(su)->router# show ip pimsm staticrp
STATIC RP TABLE
Address           Group Address     Group Mask
---------------   ---------------   ---------------
123.231.111.121   234.0.0.0         255.0.0.0
192.168.129.223   224.0.0.0         240.0.0.0

Table 16‐13 provides an explanation of the command output.

Table 16-13 show ip pimsm staticrp Output Details
Output     What it displays
Address    The IP address of the RP.
17 IPv6 Management

This chapter describes the switch mode set of commands used to manage IPv6.

Purpose
To enable or disable the IPv6 management function, to configure and display the IPv6 host address and IPv6 gateway for the switch, and to display IPv6 status information.

Commands
For information about...    Refer to page...
show ipv6 status
Use this command to display the status of the IPv6 management function.

Syntax
show ipv6 status

Parameters
None.

Defaults
None.

Mode
Switch mode, read‐only.

Example
This example shows how to display IPv6 management function status.
C3(ro)->show ipv6 status
IPv6 Administrative Mode: Disabled

set ipv6
Use this command to globally enable or disable the IPv6 management function.
IPv6 Administrative Mode: Enabled
C3(su)->show ipv6 address
Name    IPv6 Address
---------------------------------------------------
host    FE80::201:F4FF:FE5C:2880/64

set ipv6 address
Use this command to configure IPv6 global addressing information.

Syntax
set ipv6 address ipv6-addr/prefix-length [eui64]

Parameters
ipv6-addr    The IPv6 address or prefix to be configured.
C3(su)->show ipv6 address
Name       IPv6 Address
---------- ---------------------------------------
host       FE80::201:F4FF:FE5C:2880/64
host       2001:DB8:1234:5555:201:F4FF:FE5C:2880/64

show ipv6 address
Use this command to display the system IPv6 address(es) and IPv6 gateway address (default router), if configured.
Syntax
show ipv6 address
Parameters
None.
Defaults
None.
Mode
Switch command, read-only.
clear ipv6 address
Use this command to clear IPv6 global addresses.
Syntax
clear ipv6 [address {all|ipv6-addr/prefix-length}]
Parameters
ipv6-addr    The IPv6 address to be cleared. This parameter must be in the form documented in RFC 4291, with the address specified in hexadecimal using 16-bit values between colons.
prefix-length    The length of the IPv6 prefix for this address.
set ipv6 gateway
Use this command to configure the IPv6 gateway (default router) address.
Syntax
set ipv6 gateway ipv6-addr
Parameters
ipv6-addr    The IPv6 address to be configured. The address can be a global unicast or link-local IPv6 address, in the form documented in RFC 4291, with the address specified in hexadecimal using 16-bit values between colons.
Defaults
None.
Mode
Switch mode, read-write.
Usage
This command configures the IPv6 gateway address.
clear ipv6 gateway
Use this command to clear an IPv6 gateway address.
Syntax
clear ipv6 gateway
Parameters
None.
Defaults
None.
Mode
Switch mode, read-write.
Example
This example shows how to remove a configured IPv6 gateway address.
C3(su)->show ipv6 neighbors
                                                                Last
IPv6 Address                            MAC Address       isRtr State     Updated
--------------------------------------- ----------------- ----- --------- -------
2001:db8:1234:6666::2310:3              00:04:76:73:42:31 True  Reachable 00:01:16

show ipv6 netstat
Use this command to display IPv6 netstat information.
Syntax
show ipv6 netstat
Parameters
None.
Defaults
None.
Mode
Switch command, read-only.
Example
This example shows the output of this command.
ping ipv6
Use this command to test routing network connectivity by sending IP ping requests.
Syntax
ping ipv6-addr [size num]
Parameters
ipv6-addr    Specifies the IPv6 address of the system to ping. Enter the address in the form documented in RFC 4291, with the address specified in hexadecimal using 16-bit values between colons.
size num    (Optional) Specifies the size of the datagram packet. The value of num can range from 48 to 2048 bytes.
Defaults
None.
Mode
Switch mode, read-write.
traceroute ipv6
Use this command to discover the routes that packets actually take when traveling to their destination through the network on a hop-by-hop basis.
Syntax
traceroute ipv6 ipv6-addr [port]
Parameters
ipv6-addr    Specifies a host to which the route of an IPv6 packet will be traced. Enter the address in the form documented in RFC 4291, with the address specified in hexadecimal using 16-bit values between colons.
18 IPv6 Configuration
* IPv6 Routing License Required *
IPv6 routing must be enabled with a license key. If you have purchased an IPv6 routing license key, and have enabled routing on the device, you must activate your license as described in “Activating Licensed Features” on page 3-29 in order to enable the IPv6 routing configuration command set. If you wish to purchase an IPv6 routing license, contact Enterasys Networks Sales.
Overview autoconfiguration is part of Router Advertisement and the SecureStack C3 can support both stateless and stateful autoconfiguration of end nodes. The SecureStack C3 supports both EUI‐64 interface identifiers and manually configured interface IDs.
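An EUI-64 interface identifier can be recomputed from a MAC address, so entries in the `show ipv6 neighbors` output can be checked against the MAC address they were learned with. The Python below is an added example, not part of the Enterasys guide: the function names are hypothetical, the sample rows are constructed in the column order of the switch-mode neighbor output, and MAC 00:01:F4:5C:28:80 is inferred from the host addresses the guide shows.

```python
import ipaddress

IID_MASK = (1 << 64) - 1  # low 64 bits of an IPv6 address = interface ID

# Constructed sample rows: address, MAC, isRtr, state, last updated.
# Row 3 is deliberately inconsistent: its interface ID has the EUI-64
# shape but was not derived from the MAC it is bound to.
SAMPLE_NEIGHBORS = """\
IPv6 Address MAC Address isRtr State Updated
FE80::2D0:B7FF:FE2C:769E 00:d0:b7:2c:76:9e False Stale 00:24:21
FE80::2D0:B7FF:FE2C:76AA 00:d0:b7:2c:76:aa False Stale 00:25:40
FE80::2D0:B7FF:FE2C:76B4 00:04:76:73:42:31 False Delay 00:31:43
2001:db8:1234:6666::2310:3 00:04:76:73:42:31 True Reachable 00:01:16
"""


def eui64_interface_id(mac):
    """Return the 64-bit modified EUI-64 interface ID for a 48-bit MAC."""
    parts = mac.replace("-", ":").split(":")
    if len(parts) != 6:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    octets = bytes(int(p, 16) for p in parts)
    # Flip the universal/local bit of the first octet and insert FF:FE
    # between the two halves of the MAC (RFC 4291, Appendix A).
    eui = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(eui, "big")


def eui64_address(prefix, mac):
    """Combine a /64 prefix with the EUI-64 interface ID of a MAC."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 interface IDs require a /64 prefix")
    return net.network_address + eui64_interface_id(mac)


def classify(address, mac):
    """Classify how an address's interface ID relates to a MAC.

    "eui64"    interface ID is exactly the EUI-64 form of the MAC
    "mismatch" interface ID has the FF:FE marker of EUI-64 but belongs
               to a different MAC (worth a closer look in an audit)
    "other"    manually configured or otherwise generated interface ID
    """
    iid = int(ipaddress.IPv6Address(address)) & IID_MASK
    if iid == eui64_interface_id(mac):
        return "eui64"
    if (iid >> 24) & 0xFFFF == 0xFFFE:
        return "mismatch"
    return "other"


def audit_neighbors(table_text):
    """Return (address, mac, verdict) for every parsable neighbor row."""
    findings = []
    for line in table_text.splitlines():
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            verdict = classify(fields[0], fields[1])
        except ValueError:
            continue  # header, separator or malformed row
        findings.append((fields[0], fields[1], verdict))
    return findings


if __name__ == "__main__":
    # Reproduces the two "host" addresses from the guide's examples.
    print(eui64_address("FE80::/64", "00:01:F4:5C:28:80"))
    print(eui64_address("2001:DB8:1234:5555::/64", "00:01:F4:5C:28:80"))
    for address, mac, verdict in audit_neighbors(SAMPLE_NEIGHBORS):
        print(f"{verdict:9} {address} {mac}")
```

A "mismatch" verdict is not proof of spoofing, since the address may have been configured by hand, but it identifies the entries to compare against the switch's MAC address table.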
General Configuration Commands
The commands for general configuration of IPv6 parameters are:
ipv6 forwarding
ipv6 hop-limit
ipv6 route
ipv6 route distance
ipv6 unicast-routing
ping ipv6
ping ipv6 interface
traceroute ipv6

ipv6 forwarding
This command enables or disables IPv6 forwarding on the router.
Syntax
ipv6 forwarding
no ipv6 forwarding
Parameters
None.
ipv6 hop-limit
This command sets the maximum number of IPv6 hops used in IPv6 packets and router advertisements generated by this device.
Syntax
ipv6 hop-limit hops
no ipv6 hop-limit
Parameters
hops    Specifies the maximum number of IPv6 hops used in IPv6 packets and router advertisements generated by this device. Value can range from 1 to 255. The default value is 64.
Defaults
64.
next-hop-globaladdr    The IPv6 global address of the next hop that can be used to reach the specified network. This address cannot be a link-local address.
interface slot/port    Used to identify direct static routes from point-to-point and broadcast interfaces, and must be specified when using a link-local address as the next hop.
next-hop-lladdr    Link-local address of the interface.
Mode
Router global configuration: C3(su)->router(Config)#
Usage
The default distance is used when no distance is specified in the ipv6 route command. Changing the default distance does not update the distance of existing static routes, even if they were assigned the original default distance. The new default distance will only be applied to static routes created after invoking the ipv6 route distance command. Use the no form of this command to return the default distance to 1.
ping ipv6
Use this command to test routing network connectivity by sending IP ping requests.
Syntax
ping ipv6 ipv6-addr [size num]
Parameters
ipv6-addr    Specifies the global IPv6 address of the system to ping. Enter the address in the form documented in RFC 4291, with the address specified in hexadecimal using 16-bit values between colons.
size num    (Optional) Specifies the size of the datagram packet. The value of num can range from 48 to 2048 bytes.
Defaults
None.
ping ipv6 interface
Use this command to test routing network connectivity by sending IP ping requests.
Syntax
ping ipv6 interface {vlan vlan-id | tunnel tunnel-id | loopback loop-id} {link-local-address ipv6-lladdr | ipv6-addr} [size num]
Parameters
vlan vlan-id    Specifies a VLAN interface as the source.
tunnel tunnel-id    Specifies a tunnel interface as the source.
loopback loop-id    Specifies a loopback interface as the source.
traceroute ipv6
Use this command to discover the routes that packets actually take when traveling to their destination through the network on a hop-by-hop basis.
Syntax
traceroute ipv6 ipv6-addr [port]
Parameters
ipv6-addr    Specifies a host to which the route of an IPv6 packet will be traced. Enter the address in the form documented in RFC 4291, with the address specified in hexadecimal using 16-bit values between colons.
Interface Configuration Commands
The commands to configure IPv6 interfaces are:
ipv6 address
ipv6 enable
ipv6 mtu

ipv6 address
This command configures a global IPv6 address on an interface, including VLAN, tunnel, and loopback interfaces, and enables IPv6 processing on the interface.
This command also enables IPv6 processing on the interface and automatically generates a link-local address. You can assign multiple globally reachable addresses to an interface with this command. Use the no ipv6 address command without any parameters to remove all manually configured IPv6 addresses from the interface.
Example
This example configures an IPv6 address by using the eui64 parameter. Then, the show ipv6 interface command is executed to display the configuration.
The no ipv6 enable command disables IPv6 routing on an interface that has been enabled with the ipv6 enable command, but it does not disable IPv6 processing on an interface that is configured with an explicit IPv6 address.
Example
This example enables IPv6 processing on VLAN 7. Note that a link-local address has been automatically configured.
ipv6 mtu Note: All interfaces attached to the same physical medium must be configured with the same MTU to operate properly. Example This example sets the MTU value to 1500 bytes.
Neighbor Cache and Neighbor Discovery Commands
The IPv6 Neighbor Cache functions similarly to the IPv4 ARP table. Entries can be made to the Neighbor Cache by the Neighbor Discovery protocol. The Neighbor Discovery commands allow you to set protocol parameters on an interface basis.
For information about... Refer to page...
ipv6 nd dad attempts
This command configures the number of duplicate address detection (DAD) attempts made on the interface when configuring IPv6 unicast addresses.
Syntax
ipv6 nd dad attempts number
no ipv6 nd dad attempts
Parameters
number    Specifies the number of consecutive Neighbor Solicitation messages transmitted on the interface when Duplicate Address Detection (DAD) is performed on a unicast IPv6 address assigned to the interface. The value can range from 0 to 600.
ipv6 nd ns-interval
This command configures the interval between Neighbor Solicitations sent on an interface.
Syntax
ipv6 nd ns-interval { msec | 0 }
no ipv6 nd ns-interval
Parameters
msec    Sets the interval in milliseconds between retransmissions of Neighbor Solicitation messages on the interface. The value can range from 1000 (one second) to 3,600,000 (one hour) milliseconds.
0    An advertised value of 0 means the interval is unspecified.
Mode
Router interface configuration: C3(su)->router(configif(Vlan 1))#
Usage
This timer allows the C3 to detect unavailable neighbors. The shorter the time, the more quickly unavailable neighbors are detected. Very short configured times are not recommended in normal IPv6 operation, however, because shorter times consume more IPv6 network bandwidth and processing resources. This value is also included in all Router Advertisement messages sent out on the interface.
ipv6 nd other-config-flag
This command sets the “other stateful configuration” flag in router advertisements sent on this interface to true.
Syntax
ipv6 nd other-config-flag
no ipv6 nd other-config-flag
Parameters
None.
Defaults
Flag is set to false by default.
Usage
The no form of this command resets the interval value to the default of 600 seconds.
Example
This example sets the router advertisement transmission interval to 120 seconds.
C3(su)->router(configif(Vlan 1))# ipv6 nd ra-interval 120

ipv6 nd ra-lifetime
This command sets the value, in seconds, that is placed in the Router Lifetime field of router advertisements sent from this interface.
Defaults
Suppression disabled.
Mode
Router interface configuration: C3(su)->router(configif(Vlan 1))#
Usage
By default, transmission of router advertisements is enabled. This command disables such transmissions. Use the no form of this command to re-enable transmission.
Example
This example disables router advertisement transmission.
ipv6 nd prefix
off-link    Unsets the on-link flag. When the flag is not set, this prefix cannot be used for on-link determination. By default, the on-link flag is set/enabled.
Defaults
• Valid-lifetime — 604800
• Preferred-lifetime — 2592000
• Autoconfig — enabled
• On-link — enabled
Mode
Router interface configuration: C3(su)->router(configif(Vlan 1))#
Usage
Refer to RFC 2461, “Neighbor Discovery for IP Version 6,” for more information about router advertisements.
Query Commands
The show commands that display IPv6 information are:
show ipv6
show ipv6 interface
show ipv6 neighbors
show ipv6 route
show ipv6 route preferences
show ipv6 route summary
show ipv6 traffic
clear ipv6 statistics

show ipv6
This command displays the status of IPv6 forwarding mode and unicast routing mode.
Syntax
show ipv6
Parameters
None.
Defaults
None.
show ipv6 interface
This command displays information about one or all configured IPv6 interfaces.
Syntax
show ipv6 interface [vlan vlan-id | tunnel tunnel-id | loopback loop-id]
Parameters
vlan vlan-id
tunnel tunnel-id
loopback loop-id    (Optional) Display information only about the specified interface.
Defaults
If no interface is specified, information about all IPv6 interfaces is displayed.
This example displays information about IPv6 interface tunnel 1.
Vlan 6
FE80::2D0:B7FF:FE2C:769E  00:d0:b7:2c:76:9e  False  Stale  1461  Vlan 6
FE80::2D0:B7FF:FE2C:76AA  00:d0:b7:2c:76:aa  False  Stale  1540  Vlan 6
FE80::2D0:B7FF:FE2C:76AB  00:d0:b7:2c:76:ab  False  Stale  1553  Vlan 6
FE80::2D0:B7FF:FE2C:76AC  00:d0:b7:2c:76:ac  False  Stale  1566  Vlan 6
FE80::2D0:B7FF:FE2C:76B4  00:d0:b7:2c:76:b4  False  Delay  1903  Vlan 6
Table 18-1 Output of show ipv6 neighbor Command
Output field...    What it displays...
show ipv6 route
protocol    Specifies the protocol that installed the routes. Protocol can be one of the following keywords: connected, static, ospf.
all    Specifies that all IPv6 routes should be displayed, including best and non-best routes. Otherwise, only the best routes are displayed.
Note: If you specify the connected keyword, the all option is not available because there will be no best or non-best routes.
Defaults
If no parameters are entered, information about all active IPv6 routes is displayed.
Table 18-2 Output of the show ipv6 route Command (Continued)
Output...    What it displays...
IPv6 prefix/prefix-length    The IPv6 prefix and prefix length of the destination IPv6 network corresponding to this route.
[ Preference / Metric ]    The administrative distance (preference) and cost (metric) associated with this route.
Tag    Displays the decimal value of the tag associated with a redistributed route, if it is not 0.
OSPF Inter      10
OSPF Ext T1     13
OSPF Ext T2     150
OSPF NSSA T1    14
OSPF NSSA T2    151
Table 18-3 Output of the show ipv6 route preferences Command
Output...    What it displays...
Local    Preference of directly-connected routes.
Static    Preference of static routes.
OSPF Intra    Preference of routes within the OSPF area.
OSPF Inter    Preference of routes to other OSPF routes that are outside of the area.
OSPF Ext T1    Preference of OSPF Type-1 external routes.
IPv6 Routing Table Summary - 6 entries
Connected Routes          3
Static Routes             3
OSPF Routes               0
Intra Area Routes         0
Inter Area Routes         0
External Type-1 Routes    0
External Type-2 Routes    0
Total routes              6
Number of Prefixes: /0: 1, /64: 5
Table 18-4 Output of the show ipv6 summary Command
Output...    What it displays...
Connected Routes    Total number of connected routes in the routing table.
Static Routes    Total number of static routes in the routing table.
show ipv6 traffic
Example
The following example displays the output of this command. Table 18-5 describes the output fields.
C3(su)->router>show ipv6 traffic
IPv6 STATISTICS
Total Datagrams Received..................................
Received Datagrams Locally Delivered......................
Received Datagrams Discarded Due To Header Errors.........
Received Datagrams Discarded Due To MTU...................
Received Datagrams Discarded Due To No Route..............
ICMPv6 Group Membership Response Messages Transmitted..... 8
ICMPv6 Group Membership Reduction Messages Transmitted.... 0
ICMPv6 Duplicate Address Detects.......................... 0
Table 18-5 describes the output fields of this command.
Table 18-5 Output of the show ipv6 traffic Command
Output...    What it displays...
Total Datagrams Received    Total number of input datagrams received by the interface, including those received in error.
Table 18-5 Output of the show ipv6 traffic Command (Continued)
Output...    What it displays...
Datagrams Failed To Reassemble    Number of failures detected by the IPv6 reassembly algorithm (for whatever reason: timed out, errors, etc.). Note that this is not necessarily a count of discarded IPv6 fragments since some algorithms (notably the algorithm in by combining them as they are received.
Table 18-5 Output of the show ipv6 traffic Command (Continued)
Output...    What it displays...
ICMPv6 Packets Too Big Messages Received    Number of ICMP Packet Too Big messages received by the interface.
ICMPv6 Echo Request Messages Received    Number of ICMP Echo (request) messages received by the interface.
ICMPv6 Echo Reply Messages Received    Number of ICMP Echo Reply messages received by the interface.
Table 18-5 Output of the show ipv6 traffic Command (Continued)
Output...    What it displays...
ICMPv6 Router Solicit Messages Transmitted    Number of ICMP Router Solicitation messages sent by the interface.
ICMPv6 Router Advertisement Messages Transmitted    Number of ICMP Router Advertisement messages sent by the interface.
ICMPv6 Neighbor Solicit Messages Transmitted    Number of ICMP Neighbor Solicitation messages sent by the interface.
clear ipv6 statistics
This command clears IPv6 statistics for all interfaces or a specific interface.
Syntax
clear ipv6 statistics [interface]
Parameters
interface    (Optional) Specifies the interface for which statistics should be cleared. Interface can be of the form:
vlan vlan-id
tunnel tunnel-id
loopback loop-id
Defaults
If no interface is specified, statistics are cleared (reset to 0) for all interfaces.
19 DHCPv6 Configuration
* IPv6 Routing License Required *
IPv6 routing must be enabled with a license key in order to use this feature. If you have purchased an IPv6 routing license key, and have enabled routing on the device, you must activate your license as described in “Activating Licensed Features” on page 3-29 in order to enable the DHCPv6 configuration command set. If you wish to purchase an IPv6 routing license, contact Enterasys Networks Sales.
RFC 3315 also describes DHCPv6 Relay Agent interactions, which are very much like those of a DHCPv4 Relay Agent. RFC 3046 describes the DHCPv6 Relay Agent Information Option, which employs capabilities very similar to those described by the DHCPv4 Relay Agent Option in RFC 2132. With the larger address space inherent to IPv6, addresses within a network can be allocated more effectively in a hierarchical fashion.
ipv6 dhcp enable
This command enables DHCPv6 on the router.
Syntax
ipv6 dhcp enable
no ipv6 dhcp enable
Parameters
None.
Defaults
By default, DHCPv6 is disabled.
Mode
Router global configuration: C3(su)->router(Config)#
Usage
Use this command to enable DHCPv6 on the router. Use the no form of this command to disable DHCPv6 after it has been enabled.
Example
This example enables DHCPv6.
Example
This example sets the Relay Agent Information Option value to 82.
C3(su)->router(Config)# ipv6 dhcp relay-agent-info-opt 82

ipv6 dhcp relay-agent-info-remote-id-subopt
This command configures a number to represent the DHCPv6 Relay Agent Remote-ID sub-option.
Syntax
ipv6 dhcp relay-agent-info-remote-id-subopt option
Parameters
option    The value of option may range from 1 to 65535. The default value is 1.
ipv6 dhcp pool Mode Router global configuration: C3(su)‐>router(Config)# Usage DHCPv6 pools are used to specify information for the DHCPv6 server to distribute to DHCPv6 clients. These pools are shared between multiple interfaces over which DHCPv6 server capabilities are configured. After executing this command and entering pool configuration mode, you can return to global configuration mode by executing the exit command.
Address Pool Configuration Commands
Purpose
These DHCP pool configuration mode commands are used to configure address pool parameters. This information is provided to DHCP clients by the DHCP server.
Commands
domain-name
dns-server
prefix-delegation
exit

domain-name
This command sets the DNS domain name which is provided to DHCPv6 clients by the DHCPv6 server.
dns-server
This command sets the IPv6 DNS server address which is provided to DHCPv6 clients by the DHCPv6 server.
Syntax
dns-server server-address
no dns-server server-address
Parameters
server-address    The IPv6 address of the DNS server. This parameter must be in the form documented in RFC 4291, with the address specified in hexadecimal using 16-bit values between colons.
Defaults
None.
DUID    The DHCP Unique Identifier (DUID) of the prefix delegation client, as described in RFC 3315.
name hostname    (Optional) The name of the prefix delegation client, consisting of up to 31 alpha-numeric characters. This name is used for logging and/or tracing only.
valid-lifetime secs | infinite    (Optional) The valid lifetime of the prefix, specified as seconds or as infinite. The value of secs can range from 0 to 4294967295.
exit Mode Router DHCPv6 pool configuration mode: C3(su)‐>router(Config‐dhcp6s‐pool)# Example This example illustrates how to exit DHCPv6 pool configuration mode.
Interface Configuration Commands
Purpose
These commands are used to configure an interface as either a DHCPv6 server or a DHCPv6 relay agent.
Commands
ipv6 dhcp server
ipv6 dhcp relay

ipv6 dhcp server
This command configures DHCPv6 server functionality on an interface.
Example
This example configures routing interface VLAN 7 to be a DHCPv6 server, using the address pool named PoolA.
C3(su)->router(Config)# interface vlan 7
C3(su)->router(config-if(Vlan 7))# ipv6 dhcp server PoolA

ipv6 dhcp relay
This command configures an interface for DHCPv6 relay agent functionality.
ipv6 dhcp relay Examples This example configures interface VLAN 8 as a DHCPv6 relay agent that relays DHCPv6 messages to the DHCPv6 server at the global address 2001:0db8:1234:5555::122:10.
DHCPv6 Show Commands
Purpose
These commands are used to display DHCPv6 configuration information and statistics, to clear statistics globally or for a specific interface, and to display address pool and binding information.
Commands
For information about... Refer to page...
show ipv6 dhcp interface
This command displays DHCPv6 configuration information or DHCPv6 statistics for the specified routing interface.
Syntax
show ipv6 dhcp vlan vlan-id [statistics]
Parameters
vlan vlan-id    Specifies the ID of the routing interface for which to display DHCPv6 information.
statistics    (Optional) Specifies that DHCPv6 statistics for the specified interface should be displayed.
Table 19-1 Output of show ipv6 dhcp interface Command (Continued)
Output...    What it displays...
Pool Name    Displays when interface is a server. Shows the pool name specifying information for DHCPv6 server distribution to DHCPv6 clients.
Server Preference    Displays when interface is a server. Shows the preference of the server.
Option Flags    Displays when interface is a server. Shows whether rapid commit is enabled.
Relay Address    Displays when interface is a relay agent.
show ipv6 dhcp statistics
This command displays IPv6 DHCP statistics for all interfaces.
Syntax
show ipv6 dhcp statistics
Parameters
None.
Defaults
None.
Mode
Router privileged execution: C3(su)->router#
Example
This example displays the output of this command. Table 19-2 on page 19-16 describes the output fields.
Table 19-2 Output of show ipv6 dhcp statistics Command (Continued)
Output...    What it displays...
DHCPv6 Release Packets Received    Number of release received statistics.
DHCPv6 Decline Packets Received    Number of decline received statistics.
DHCPv6 Inform Packets Received    Number of inform received statistics.
DHCPv6 Relay-forward Packets Received    Number of relay forward received statistics.
DHCPv6 Relay-reply Packets Received    Number of relay-reply received statistics.
show ipv6 dhcp pool
This command displays information about a specific configured pool.
Syntax
show ipv6 dhcp pool pool-name
Parameters
pool-name    The name of the configured address pool for which to display information.
Defaults
None.
Mode
Router privileged execution: C3(su)->router#
Usage
The information displayed by this command differs, depending on the configuration parameters of the pool.
show ipv6 dhcp binding
This command displays information about DHCPv6 bindings.
Syntax
show ipv6 dhcp binding [ipv6-addr]
Parameters
ipv6-addr    (Optional) Specifies the IPv6 address of the DHCP prefix delegation client for which to display binding information.
Defaults
If no IPv6 address is specified, all bindings are displayed.
20 OSPFv3 Configuration
* IPv6 Routing License Required *
IPv6 routing must be enabled with a license key in order to use this feature. If you have purchased an IPv6 routing license key, and have enabled routing on the device, you must activate your license as described in “Activating Licensed Features” on page 3-29 in order to enable the OSPFv3 protocol configuration command set. If you wish to purchase an IPv6 routing license, contact Enterasys Networks Sales.
Overview LSA formats are changed, and the type 3 and 4 summary LSAs are renamed “inter‐area‐prefix” and “inter‐area‐router” LSAs. Also note that OSPFv3 LSA identifiers contain no addressing semantics. LSA scope is generalized to link, area, and AS scope. OSPFv3 specifies the processing of unsupported LSAs. Unsupported LSAs are maintained in the database and flooded according to scope. In OSPFv3, routers with 100 or more interfaces generate more than one router LSA. A new link LSA has been created.
Global OSPFv3 Configuration Commands
Purpose
These commands are used to configure a router ID for the OSPFv3 router, to enter router OSPFv3 configuration mode, and to configure global OSPFv3 parameters.
Command
For information about... Refer to page...
ipv6 router ospf
This command enters Router OSPFv3 configuration mode.
Syntax
ipv6 router ospf
Parameters
None.
Defaults
None.
Mode
Router global configuration: C3(su)->router(Config)#
Usage
Use this command to enter OSPFv3 configuration mode so you can configure global OSPFv3 parameters.
Example
This example illustrates entering router OSPFv3 configuration mode.
Mode
Router OSPFv3 configuration: C3(su)->router(Config-router)#
Usage
Use this command to generate a default external route into an OSPFv3 routing domain. Use the no form of this command to stop the generation of a default external route.
Example
This example specifies a metric of 100 for the default route redistributed into the OSPFv3 routing domain, and an external metric type of 1.
distance ospf
This command sets the route preference value of OSPFv3.
exit-overflow-interval
This command configures the exit overflow interval for OSPFv3.
Syntax
exit-overflow-interval seconds
no exit-overflow-interval
Parameters
seconds    The range for seconds is from 0 to 2147483647.
Defaults
The default interval value is 0.
Mode
Router OSPFv3 configuration: C3(su)->router(Config-router)#
Usage
The exit overflow interval is the number of seconds after entering Overflow state that a router will wait before attempting to leave the Overflow State.
Usage
When the number of non-default AS-external-LSAs in a router's link-state database reaches the external LSDB limit, the router enters overflow state. The router never holds more than the external LSDB limit non-default AS-external-LSAs in its database. The external LSDB limit MUST be set identically in all routers attached to the OSPFv3 backbone and/or any regular OSPFv3 area. The no form of this command resets the limit to the default value of -1, meaning no limit.
redistribute
This command configures the OSPFv3 protocol to allow redistribution of routes from the specified source protocol/routers.
Syntax
redistribute {connected | static} [metric value] [metric-type type] [tag tag]
no redistribute {connected | static} [metric] [metric-type] [tag]
Parameters
connected | static    Specifies the source protocol to redistribute.
metric value    (Optional) Specifies the route redistribution metric. The metric value can range from 0 to 16777214.
Area Configuration Commands
Purpose
These commands are used to configure area parameters.
Commands
For information about... Refer to page...
Mode
Router OSPFv3 configuration: C3(su)->router(Config-router)#
Usage
Use this command to set the cost value for the default route that is sent into a stub area or NSSA by an Area Border Router (ABR). The no form of this command removes the cost value from the summary route that is sent into the stub area.
Example
This example sets the default route cost to 50 for area 20.
area nssa default-info-originate
This command configures the metric value and type for the default route advertised into the NSSA.
Syntax
area areaid nssa default-info-originate [metric] [comparable | non-comparable]
no area areaid nssa default-info-originate
Parameters
areaid    Enter the area ID in IP address format (dotted-quad) or as a decimal value.
metric    (Optional) Specifies the metric of the default route, in the range of 1 to 16777214.
Defaults
None.
Mode
Router OSPFv3 configuration: C3(su)->router(Config-router)#
Usage
Use this command to prevent redistribution of learned external routes to the NSSA by this area border router (ABR). Use the no form of this command to enable redistribution of learned external routes to the NSSA.
Example
This example configures the router to not redistribute learned external routes into NSSA 20.
area nssa translator role
This command configures the translator role of the router.
Syntax
area areaid nssa translator-role {always | candidate}
no area areaid nssa translator-role
Parameters
areaid    Enter the area ID in IP address format (dotted-quad) or as a decimal value.
always    Specifies that the router will always assume the role of the translator the instant it becomes a border router.
area nssa translator-stab-intv
This command configures the translator stability interval of the NSSA.
Syntax
area areaid translator-stab-intv interval
no area areaid translator-stab-intv
Parameters
areaid    Enter the area ID in IP address format (dotted-quad) or as a decimal value.
interval    Specifies the stability interval in seconds. The value of interval can range from 0 to 3600 seconds.
Defaults
The default interval is 40 seconds.
nssaexternallink    Specifies that route summarization should be based on external LSAs Type 7.
advertise | not-advertise    (Optional) Specifies whether or not the routes should be advertised. If neither parameter is specified, the default is advertise.
Defaults
Area address ranges are not configured by default.
Mode
Router OSPFv3 configuration: C3(su)->router(Config-router)#
Usage
Address ranges control the advertisement of routes across area boundaries.
Usage
A stub area is characterized by the fact that AS external LSAs are not propagated into the area. Removing AS external LSAs and summary LSAs can significantly reduce the link state database of routers within the stub area. Use the no form of the command to delete a stub area.
Example
This example creates a stub area with the ID of 30.
C3(su)->router(Config-router)# area 30 stub

area stub no-summary
This command disables the import of summary LSAs into the specified stub area.
area virtual-link
This command creates the OSPFv3 virtual interface for the specified area and neighbor.
Syntax
area areaid virtual-link neighborid
no area areaid virtual-link neighborid
Parameters
areaid    Enter the area ID in IP address format (dotted-quad) or as a decimal value.
neighborid    Specify the virtual link neighbor by means of its router ID. The router ID must be entered in 32-bit dotted-quad notation.
Defaults
None.
area virtual-link hello-interval Mode Router OSPFv3 configuration: C3(su)->router(Config-router)# Usage Use the no form of this command to return a configured value to the default of 40 seconds. Example This example configures a dead interval of 60 seconds for the specified virtual interface. C3(su)->router(Config-router)# area 20 virtual-link 2.2.2.2 dead-interval 60 area virtual-link hello-interval This command configures the hello interval for the specified OSPFv3 virtual interface.
area virtual-link retransmit-interval area virtual-link retransmit-interval This command configures the retransmit interval for the specified OSPFv3 virtual interface. Syntax area areaid virtual-link neighborid retransmit-interval seconds no area areaid virtual-link neighborid retransmit-interval Parameters areaid Enter the area ID in IP address format (dotted‐quad) or as a decimal value. neighborid Specify the virtual link neighbor by means of its router ID.
area virtual-link transmit-delay Defaults The default transmit delay is 1 second. Mode Router OSPFv3 configuration: C3(su)->router(Config-router)# Usage Use the no form of this command to reset the transmit delay to the default of 1 second. Example This example sets the transmit delay to 2 seconds for the specified OSPFv3 virtual interface. C3(su)->router(Config-router)# area 20 virtual-link 2.2.2.
Interface Configuration Commands Purpose These commands can be used to configure OSPFv3 routing interface parameters.
ipv6 ospf areaid Example This example enters router interface configuration mode for VLAN 7 and then enables OSPFv3 on the interface. C3(su)->router(Config)# interface vlan 7 C3(su)->router(config-if(Vlan 7))# ipv6 ospf enable ipv6 ospf areaid This command sets the OSPFv3 area to which the router interface belongs. Syntax ipv6 ospf areaid areaid no ipv6 ospf areaid areaid Parameters areaid Specify the area ID in either 32‐bit dotted‐quad format or as a decimal number between 0 and 4294967295.
ipv6 ospf cost This command configures the cost of sending a packet on an OSPFv3 interface. Syntax ipv6 ospf cost cost no ipv6 ospf cost cost Parameters cost Specify the cost of sending a packet on this interface. The value can range from 1 to 65535. Defaults The default cost is 10. Mode Router interface configuration: C3(su)->router(config-if(Vlan 1))# Usage Use this command to explicitly specify the cost of sending a packet on the interface being configured for OSPFv3.
ipv6 ospf hello-interval Usage The OSPFv3 dead interval is the length of time in seconds that a router’s Hello packets have not been seen before its neighbor routers declare that the router is down. The value for the dead interval must be the same for all routers attached to a common network, and should be some multiple of the hello interval. Use the no form of this command to return the dead interval to the default value of 40 seconds.
ipv6 ospf mtu-ignore This command disables OSPFv3 maximum transmission unit (MTU) mismatch detection. Syntax ipv6 ospf mtu-ignore no ipv6 ospf mtu-ignore Parameters None. Defaults By default, MTU mismatch detection is enabled. Mode Router interface configuration: C3(su)->router(config-if(Vlan 1))# Usage OSPF Database Description packets specify the size of the largest IP packet that can be sent without fragmentation on the interface.
ipv6 ospf priority Mode Router interface configuration: C3(su)->router(config-if(Vlan 1))# Usage Normally, the network type is determined from the physical IP network type. By default, all Ethernet networks are OSPFv3 type broadcast. Similarly, tunnel interfaces default to point‐to‐point. When an Ethernet port is used as a single large bandwidth IP network between two routers, the network type can be point‐to‐point since there are only two routers.
ipv6 ospf retransmit-interval ipv6 ospf retransmit-interval This command configures the OSPFv3 retransmit interval for the router interface. Syntax ipv6 ospf retransmit-interval seconds no ipv6 ospf retransmit-interval Parameters seconds Set the retransmit interval value, which can range from 0 to 3600 seconds. Defaults Default value is 4 seconds.
ipv6 ospf transmit-delay Usage The transmit delay, specified in seconds, sets the estimated number of seconds it takes to transmit a link state update packet over this interface. Use the no form of this command to return the transmit delay to the default value of 1 second. Example This example sets the transmit delay value to 4 seconds for router interface VLAN 7.
OSPFv3 Show Commands Purpose These commands are used to display OSPFv3 information and statistics.
show ipv6 ospf Note: Some of the information in Table 20-1 displays only if you enable OSPFv3 and configure certain features. C3(su)->router# show ipv6 ospf Router ID OSPF Admin Mode ASBR Mode ABR Status Exit Overflow Interval External LSA Count External LSA Checksum New LSAs Originated LSAs Received External LSDB Limit Default Metric Maximum Paths Default Route Advertise Always Metric Metric Type Redistributing Source Metric Metric Type Tag Redistributing Source Metric Metric Type Tag Table 20-1 2.2.2.
show ipv6 ospf area Table 20-1 Output of show ipv6 ospf Command (Continued) Output... What it displays... New LSAs Originated Shows the number of new link-state advertisements that have been originated. LSAs Received Shows the number of link-state advertisements received determined to be new instantiations. External LSDB Limit Shows the maximum number of non-default AS-external-LSAs entries that can be stored in the link-state database. Default Metric Default value for redistributed routes.
show ipv6 ospf area Mode Router privileged execution: C3(su)‐>router# Example The output fields of this example are described in Table 20‐2 on page 20‐33. C3(su)->router>show ipv6 ospf area 20 AreaID External Routing Spf Runs Area Border Router Count Area LSA Count Area LSA Checksum Stub Mode OSPF NSSA Specific Information.
show ipv6 ospf abr Table 20-2 Output of show ipv6 ospf area Command (Continued) Output... What it displays... Default Metric Shows the metric value for the default route advertised into the NSSA. Default Metric Type Shows the metric type for the default route advertised into the NSSA. Translator Role Shows the NSSA translator role of the ABR, which is always or candidate.
show ipv6 ospf asbr Table 20-3 Output of show ipv6 ospf abr Command (Continued) Output... What it displays... Cost Cost of using this route. Area ID The area ID of the area from which this route is learned. Next Hop Intf Address of the next hop toward the destination. Next Hop Intf The outgoing router interface to use when forwarding traffic to the next hop. show ipv6 ospf asbr This command displays OSPFv3 routes to reach AS border routers. Syntax show ipv6 ospf asbr Parameters None.
show ipv6 ospf database show ipv6 ospf database This command displays information about the link state database when OSPFv3 is enabled. Syntax show ipv6 ospf [areaid] database [{external | inter-area {prefix | router} | link | network | nssa-external | prefix | router | unknown {area | as | link}}] [lsid] [{adv-router [rtrid] | self-originate}] Parameters areaid (Optional) Display database information about a specific area. Enter the area ID in IP address format (dotted‐quad) or as a decimal value.
show ipv6 ospf database
C3(su)->router#show ipv6 ospf 10 database
Inter Network States (Area 0.0.0.10)
Adv Router      Link Id         Age   Sequence Csum Options Rtr Opt
--------------- --------------- ----- -------- ---- ------- ------
2.2.2.2         1               153   80000026 A8F2
Intra Prefix States (Area 0.0.0.10)
Adv Router      Link Id         Age   Sequence Csum Options Rtr Opt
--------------- --------------- ----- -------- ---- ------- ------
2.2.2.
show ipv6 ospf database Metric Type: 2 Metric:20 IPv6 Prefix: 2301::/64 (None) Table 20-5 Output of the show ipv6 ospf database Command Output... What it displays... Link Id Is a number that uniquely identifies an LSA that a router originates from all other self originated LSAs of the same LS type. Adv Router The Advertising Router. Is a 32 bit dotted decimal number representing the LSDB interface. Age Is a number representing the age of the link state advertisement in seconds.
show ipv6 ospf database database-summary show ipv6 ospf database database-summary This command displays the number of each type of LSA in the database and the total number of LSAs in the database. Syntax show ipv6 ospf database database-summary Parameters None. Defaults None. Mode Router privileged execution: C3(su)‐>router# Example This example illustrates the output of this command. Table 20‐6 on page 20‐40 describes the output fields of this command.
show ipv6 ospf database database-summary
Router database summary
Router                      4
Network                     2
Inter-area Prefix           52
Inter-area Router           0
Type-7 Ext                  0
Link                        4
Intra-area Prefix           4
Link Unknown                0
Area Unknown                0
AS Unknown                  0
Type-5 Ext                  0
Self-Originated Type-5 Ext  0
Total                       66
Table 20-6 Output of show ipv6 ospf database database-summary Command Output... What it displays... Router Total number of router LSAs in the OSPFv3 link state database.
show ipv6 ospf interface show ipv6 ospf interface This command displays information about OSPFv3 interfaces. Syntax show ipv6 ospf interface {vlan vlanid | tunnel tunnelid | loopback loopid} Parameters vlan vlanid Specifies the VLAN interface to display information about. tunnel tunnelid Specifies the tunnel interface to display information about. loopback loopid Specifies the loopback interface to display information about. Defaults None.
show ipv6 ospf interface
Iftransit Delay Interval    1
Authentication Type         None
Metric Cost                 1 (computed)
OSPF Mtu-ignore             Disable
OSPF Interface Type         point-to-point
State                       point-to-point
Designated Router           0.0.0.0
Backup Designated Router    0.0.0.0
Number of Link Events       1
Table 20-7 Output of show ipv6 ospf interface Command Output... What it displays... IPv6 Address Shows the IPv6 address of the interface. ifIndex Shows the interface index number associated with the interface.
show ipv6 ospf interface stats This command displays statistics for a specific interface. Statistics are displayed only if OSPFv3 is enabled. Syntax show ipv6 ospf interface stats vlan vlanid Parameters vlan vlanid Specifies the VLAN interface for which to display statistics. Defaults None. Mode Router privileged execution: C3(su)->router# Example This example displays statistics for VLAN 80. Table 20‐8 on page 20‐44 describes the output fields.
show ipv6 ospf interface stats Table 20-8 Output of show ipv6 ospf interface stats Command Output... What it displays... OSPFv3 Area ID The area ID of this OSPFv3 interface. Spf Runs Is the number of times that the intra-area route table has been calculated using this area's link-state database. Area Border Router Count The total number of area border routers reachable within this area. AS Border Router Count The total number of AS border routers reachable within this area.
show ipv6 ospf neighbor show ipv6 ospf neighbor This command displays information about OSPFv3 neighbors. Syntax show ipv6 ospf neighbor [interface {vlan vlanid | tunnel tunnelid}] [neighborid] Parameters interface (Optional) Restricts the output display to a specific interface. vlan vlanid Specify the VLAN interface to display information about.
show ipv6 ospf neighbor Table 20-9 Output of show ipv6 ospf neighbor Command (Continued) Output... What it displays... State Shows the state of the neighboring routers. Possible values are: • Down- initial state of the neighbor conversation - no recent information has been received from the neighbor. • Attempt - no recent information has been received from the neighbor but a more concerted effort should be made to contact the neighbor.
show ipv6 ospf range Table 20-10 Output of show ipv6 ospf neighbor routerid Command (Continued) Output... What it displays... Dead Timer Due Shows the amount of time, in seconds, to wait before the router assumes the neighbor is unreachable. State Shows the state of the neighboring routers. Events Number of times this neighbor relationship has changed state, or an error has occurred.
show ipv6 ospf stub table show ipv6 ospf stub table This command displays the OSPFv3 stub table, if OSPFv3 is initialized on the switch. Syntax show ipv6 ospf stub table Parameters None. Defaults None. Mode Router privileged execution: C3(su)‐>router# Example This example displays the OSPFv3 stub table information. Table 20‐12 on page 20‐48 describes the output fields.
show ipv6 ospf virtual-link show ipv6 ospf virtual-link This command displays the OSPFv3 virtual interface information for a specific area and neighbor. Syntax show ipv6 ospf virtual-link areaid neighborid Parameters areaid Enter the area ID in IP address format (dotted‐quad) or as a decimal value. neighborid Specify the neighbor by its router ID, specified in 32‐bit dotted quad format. Defaults None.
show ipv6 ospf virtual-link Table 20-13 Output of show ipv6 ospf virtual-link Command (Continued) Output... What it displays... Neighbor State The state of the neighbor. States are: down, loopback, waiting, point-to-point, designated router, and backup designated router.
21 Security Configuration This chapter describes the Security Configuration set of commands and how to use them. For information about... Refer to page... Overview of Security Methods 21-1 Configuring RADIUS 21-4 Configuring 802.
Overview of Security Methods • 802.1X Port Based Network Access Control using EAPOL (Extensible Authentication Protocol) – provides a mechanism via a RADIUS server for administrators to securely authenticate and grant appropriate access to end user devices communicating with SecureStack C3 ports. For details on using CLI commands to configure 802.1X, refer to “Configuring 802.1X Authentication” on page 21‐12.
Overview of Security Methods returns a RADIUS Access‐Accept message that includes a Filter‐ID matching a policy profile name configured on the switch, the switch then dynamically applies the policy profile to the physical port the user/device is authenticating on. Filter-ID Attribute Formats Enterasys Networks supports two Filter‐ID formats — “decorated” and “undecorated.
Configuring RADIUS Configuring RADIUS Purpose To perform the following: • Review the RADIUS client/server configuration on the switch. • Enable or disable the RADIUS client. • Set local and remote login options. • Set primary and secondary server parameters, including IP address, timeout period, authentication realm, and number of user login attempts allowed. • Reset RADIUS server settings to default values. • Configure a RADIUS accounting server.
show radius show radius Use this command to display the current RADIUS client/server configuration. show radius [status | retries | timeout | server [index | all]] Parameters status (Optional) Displays the RADIUS server’s enable status. retries (Optional) Displays the number of retry attempts before the RADIUS server times out. timeout (Optional) Displays the maximum amount of time (in seconds) to establish contact with the RADIUS server before retry attempts begin.
set radius Table 21-1 show radius Output Details (Continued) Output What It Displays... Realm-Type Realm defines who has to go through the RADIUS server for authentication. • Management-access: This means that anyone trying to access the switch (Telnet, SSH, Local Management) has to authenticate through the RADIUS server. • Network-access: This means that all the users have to authenticate to a RADIUS server before they are allowed access to the network.
set radius If realm is not specified, the any access realm will be used. Mode Switch command, read‐write. Usage The SecureStack C3 device allows up to 10 RADIUS accounting servers to be configured, with up to two servers active at any given time. The RADIUS client can only be enabled on the switch once a RADIUS server is online, and its IP address(es) has been configured with the same password the RADIUS client will use.
clear radius clear radius Use this command to clear RADIUS server settings. Syntax clear radius [retries] | [timeout] | [server {index | all | realm {index | all}}] Parameters retries Resets the maximum number of attempts a user can contact the RADIUS server before timing out to 3. timeout Resets the maximum amount of time to establish contact with the RADIUS server before timing out to 20 seconds. server Deletes server settings.
show radius accounting show radius accounting Use this command to display the RADIUS accounting configuration. This transmits accounting information between a network access server and a shared accounting server. Syntax show radius accounting [server] | [counter ip-address] | [retries] | [timeout] Parameters server (Optional) Displays one or all RADIUS accounting server configurations. counter ip‐address (Optional) Displays counters for a RADIUS accounting server.
set radius accounting set radius accounting Use this command to configure RADIUS accounting. Syntax set radius accounting {[enable | disable][retries retries] [timeout timeout] [server ip_address port [server-secret] Parameters enable | disable Enables or disables the RADIUS accounting client. retries retries Sets the maximum number of attempts to contact a specified RADIUS accounting server before timing out. Valid retry values are 1 ‐ 10.
clear radius accounting clear radius accounting Use this command to clear RADIUS accounting configuration settings. Syntax clear radius accounting {server ip-address | retries | timeout | counter} Parameters server ip‐address Clears the configuration on one or more accounting servers. retries Resets the retries to the default value of 2. timeout Resets the timeout to 5 seconds. counter Clears counters. Mode Switch command, read‐write. Defaults None.
Configuring 802.1X Authentication Configuring 802.1X Authentication Purpose To review and configure 802.1X authentication for one or more ports using EAPOL (Extensible Authentication Protocol). 802.1X controls network access by enforcing user authorization on selected ports, which results in allowing or denying network access according to RADIUS server configuration. Notes: One user per EAPOL-configured port can be authenticated on SecureStack C3 devices.
show dot1x show dot1x Use this command to display 802.1X status, diagnostics, statistics, and reauthentication or initialization control information for one or more ports. Syntax show dot1x [auth-diag] [auth-stats] [port [init | reauth]] [port-string] Parameters auth‐diag (Optional) Displays authentication diagnostics information. auth‐stats (Optional) Displays authentication statistics.
show dot1x auth-config This example shows how to display authentication statistics for fe.1.1:
C3(su)->show dot1x auth-stats fe.1.1
Port: 1 Auth-Stats
EAPOL Frames Rx:             0
EAPOL Frames Tx:             0
EAPOL Start Frames Rx:       0
EAPOL Logoff Frames Rx:      0
EAPOL RespId Frames Rx:      0
EAPOL Resp Frames Rx:        0
EAPOL Req Frames Tx:         0
EAP Length Error Frames Rx:  0
Last EAPOL Frame Version:    0
Last EAPOL Frame Source:     00:00:00:00:00:00
This example shows how to display the status of port reauthentication control for fe.1.
show dot1x auth-config port‐string (Optional) Limits the display of desired information to specific port(s). For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐1. Defaults If no parameters are specified, all 802.1X settings will be displayed. If port‐string is not specified, information for all ports will be displayed. Mode Switch command, read‐only. Examples This example shows how to display the EAPOL port control mode for fe.
set dot1x set dot1x Use this command to enable or disable 802.1X authentication, to reauthenticate one or more access entities, or to reinitialize one or more supplicants. Syntax set dot1x {enable | disable | port {init | reauth} {true | false} [port-string]} Parameters enable | disable Enables or disables 802.1X. port Enable or disable 802.1X reauthentication or initialization control on one or more ports. init | reauth Configure initialization or reauthentication control.
set dot1x auth-config set dot1x auth-config Use this command to configure 802.1X authentication. Syntax set dot1x auth-config {[authcontrolled-portcontrol {auto | forced-auth | forced-unauth}] [maxreq value] [quietperiod value] [reauthenabled {false | true}] [reauthperiod value] [servertimeout timeout] [supptimeout timeout] [txperiod value]} [port-string] Parameters authcontrolled‐ portcontrol auto | forced‐auth | forced‐unauth Specifies the 802.1X port control mode.
clear dot1x auth-config Examples This example shows how to enable reauthentication control on ports fe.1.1‐3: C3(su)->set dot1x auth-config reauthenabled true fe.1.1-3 This example shows how to set the 802.1X quiet period to 120 seconds on ports fe.1.1‐3: C3(su)->set dot1x auth-config quietperiod 120 fe.1.1-3 clear dot1x auth-config Use this command to reset 802.1X authentication parameters to default values on one or more ports.
show eapol This example shows how to reset reauthentication control to disabled on ports fe.1.1‐3: C3(su)->clear dot1x auth-config reauthenabled fe.1.1-3 This example shows how to reset the 802.1X quiet period to 60 seconds on ports fe.1.1‐3: C3(su)->clear dot1x auth-config quietperiod fe.1.1-3 show eapol Use this command to display EAPOL status or settings for one or more ports. Syntax show eapol [port-string] Parameters port‐string (Optional) Displays EAPOL status for specific port(s).
show eapol Table 21-2 show eapol Output Details (Continued) Output What It Displays... Authentication State Current EAPOL authentication state for each port. Possible internal states for the authenticator (switch) are: • initialized: A port is in the initialize state when: – authentication is disabled, – authentication is enabled and the port is not linked, or – authentication is enabled and the port is linked.
set eapol set eapol Use this command to enable or disable EAPOL port‐based user authentication with the RADIUS server and to set the authentication mode for one or more ports. Syntax set eapol [enable | disable] [auth-mode {auto | forced-auth | forced-unauth} portstring] Parameters enable | disable Enables or disables EAPOL. auth‐mode Specifies the authentication mode as: auto | forced‐auth | forced‐unauth • auto ‐ Auto authorization mode.
clear eapol clear eapol Use this command to globally clear the EAPOL authentication mode, or to clear settings for one or more ports. Syntax clear eapol [auth-mode port-string] [port-string] Parameters auth‐mode (Optional) Globally clears the EAPOL authentication mode. port‐string Specifies the port(s) on which to clear EAPOL parameters. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐1.
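An added example, not part of the Enterasys guide: a Python audit of `set dot1x auth-config` lines, written in the syntax shown in this section, that flags ports left in forced-auth (authorized without authentication) and ports in auto mode with reauthentication left at its disabled default. Assumptions: the sample configuration is constructed, only the simple port-string forms used in this chapter's examples are parsed, and `*` is a hypothetical marker for a command given without a port-string.

```python
import re

# Constructed sample input: commands written in the syntax this chapter shows,
# not captured from a real switch.
SAMPLE_CONFIG = """\
set dot1x enable
set dot1x auth-config authcontrolled-portcontrol auto fe.1.1-3
set dot1x auth-config reauthenabled true fe.1.1-3
set dot1x auth-config quietperiod 120 fe.1.1-3
set dot1x auth-config authcontrolled-portcontrol forced-auth fe.1.4
set dot1x auth-config authcontrolled-portcontrol auto reauthenabled false fe.1.5-6
"""

# Keywords from the "set dot1x auth-config" syntax line; each takes one value.
KEYWORDS = {"authcontrolled-portcontrol", "maxreq", "quietperiod",
            "reauthenabled", "reauthperiod", "servertimeout",
            "supptimeout", "txperiod"}
# Assumption: only the forms seen in this chapter's examples (fe.1.1, fe.1.1-3)
# are handled; the full port-string syntax is defined elsewhere in the guide.
PORT_RE = re.compile(r"^([a-z]+)\.(\d+)\.(\d+)(?:-(\d+))?$")
ALL_PORTS = "*"  # hypothetical marker: command given without a port-string


def expand_ports(port_string):
    """Expand 'fe.1.1-3' into ['fe.1.1', 'fe.1.2', 'fe.1.3']."""
    m = PORT_RE.match(port_string)
    if not m:
        raise ValueError(f"unsupported port-string: {port_string!r}")
    kind, unit, first, last = m.groups()
    lo, hi = int(first), int(last or first)
    if hi < lo:
        raise ValueError(f"descending port range: {port_string!r}")
    return [f"{kind}.{unit}.{n}" for n in range(lo, hi + 1)]


def parse_commands(config_text):
    """Return (dot1x_enabled, [(settings, ports), ...]) in file order."""
    enabled, commands = None, []
    for raw in config_text.splitlines():
        tokens = raw.split()
        if tokens[:2] != ["set", "dot1x"]:
            continue
        if tokens[2:] in (["enable"], ["disable"]):
            enabled = tokens[2] == "enable"
        elif tokens[2:3] == ["auth-config"]:
            args = tokens[3:]
            ports = [ALL_PORTS]
            if args and PORT_RE.match(args[-1]):
                ports = expand_ports(args.pop())
            if len(args) % 2 or any(k not in KEYWORDS for k in args[::2]):
                raise ValueError(f"cannot parse: {raw!r}")
            commands.append((dict(zip(args[::2], args[1::2])), ports))
    return enabled, commands


def effective_settings(commands):
    """Apply commands in order; a command without ports hits every known port."""
    state = {p: {} for _, plist in commands for p in plist}
    state.setdefault(ALL_PORTS, {})
    for settings, plist in commands:
        targets = list(state) if plist == [ALL_PORTS] else plist
        for port in targets:
            state[port].update(settings)
    return state


def _sort_key(port):
    # Numeric-aware ordering so fe.1.10 sorts after fe.1.9; "*" goes last.
    parts = [int(t) if t.isdigit() else t for t in port.split(".")]
    return (port == ALL_PORTS, parts)


def audit(config_text):
    """Return a list of (port, finding_code) tuples."""
    enabled, commands = parse_commands(config_text)
    findings = []
    if enabled is not True:
        findings.append(("global", "DOT1X_NOT_ENABLED"))
    state = effective_settings(commands)
    for port in sorted(state, key=_sort_key):
        cfg = state[port]
        mode = cfg.get("authcontrolled-portcontrol")
        if mode == "forced-auth":
            # Port is held authorized regardless of any 802.1X exchange.
            findings.append((port, "FORCED_AUTH"))
        elif mode == "auto" and cfg.get("reauthenabled", "false") != "true":
            # Reauthentication control is disabled unless set to true.
            findings.append((port, "NO_REAUTH"))
    return findings


if __name__ == "__main__":
    for port, code in audit(SAMPLE_CONFIG):
        print(f"{port}: {code}")
```
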
Configuring MAC Authentication Purpose To review, disable, enable and configure MAC authentication. This allows the device to authenticate source MAC addresses in an exchange with an authentication server. The authenticator (switch) selects a source MAC seen on a MAC‐authentication enabled port and submits it to a backend client for authentication. The backend client uses the MAC address and, if required, the stored password as credentials for an authentication attempt.
show macauthentication show macauthentication Use this command to display MAC authentication information for one or more ports. Syntax show macauthentication [port-string] Parameters port‐string (Optional) Displays MAC authentication information for specific port(s). For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐1. Defaults If port‐string is not specified, MAC authentication information will be displayed for all ports.
show macauthentication session Table 21-3 show macauthentication Output Details (Continued) Output What It Displays... Port username significant bits Number of significant bits in the MAC addresses to be used starting with the left-most bit of the vendor portion of the MAC address. The significant portion of the MAC address is sent as a user-name credential when the primary attempt to authenticate the full MAC address fails. Any other failure to authenticate the full address, (i.e.
set macauthentication Example This example shows how to display MAC session information:
C3(su)->show macauthentication session
Port     MAC Address         Duration     Reauth Period   Reauthentications
-----    -----------------   ----------   -------------   -----------------
ge.1.2   00:60:97:b5:4c:07   0,00:52:31   3600            disabled
Table 21‐4 provides an explanation of the command output. Table 21-4 show macauthentication session Output Details Output What It Displays... Port Port designation.
set macauthentication password set macauthentication password Use this command to set a MAC authentication password. Syntax set macauthentication password password Parameters password Specifies a text string MAC authentication password. Defaults None. Mode Switch command, read‐write.
set macauthentication port set macauthentication port Use this command to enable or disable one or more ports for MAC authentication. Syntax set macauthentication port {enable | disable} port-string Parameters enable | disable Enables or disables MAC authentication. port‐string Specifies port(s) on which to enable or disable MAC authentication. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐1. Defaults None.
set macauthentication portquietperiod Example This example shows how to force ge.2.1 through 5 to initialize: C3(su)->set macauthentication portinitialize ge.2.1-5 set macauthentication portquietperiod This sets the number of seconds following a failed authentication before another attempt may be made on the port.
set macauthentication macinitialize Mode Switch command, read‐write. Example This example resets the default quiet period on port 1: C3(su)->clear macauthentication portquietperiod ge.1.1 set macauthentication macinitialize Use this command to force a current MAC authentication session to re‐initialize and remove the session. Syntax set macauthentication macinitialize mac_addr Parameters mac_addr Specifies the MAC address of the session to re‐initialize. Mode Switch command, read‐write.
set macauthentication portreauthenticate Mode Switch command, read‐write. Example This example shows how to enable MAC reauthentication on ge.4.1 through 5: C3(su)->set macauthentication reauthentication enable ge.4.1-5 set macauthentication portreauthenticate Use this command to force an immediate reauthentication of the currently active sessions on one or more MAC authentication ports.
set macauthentication reauthperiod Example This example shows how to force the MAC authentication session for address 00‐60‐97‐b5‐4c‐07 to reauthenticate: C3(su)->set macauthentication macreauthenticate 00-60-97-b5-4c-07 set macauthentication reauthperiod Use this command to set the MAC reauthentication period (in seconds). This is the time lapse between attempts to reauthenticate any current MAC address authenticated to a port.
clear macauthentication reauthperiod clear macauthentication reauthperiod Use this command to clear the MAC reauthentication period on one or more ports. Syntax clear macauthentication reauthperiod [port-string] Parameters port‐string (Optional) Clears the MAC reauthentication period on specific port(s). For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐1.
Configuring Multiple Authentication Methods About Multiple Authentication Types When enabled, multiple authentication types allow users to authenticate using up to two methods on the same port. In order for multiple authentication to function on the device, each possible method of authentication (MAC authentication, 802.
show multiauth show multiauth Use this command to display multiple authentication system configuration. Syntax show multiauth Parameters None. Defaults None. Mode Switch command, read‐only.
set multiauth mode set multiauth mode Use this command to set the system authentication mode to allow multiple authenticators simultaneously (802.1x, PWA, and MAC Authentication) on a single port, or to strictly adhere to 802.1x authentication. Syntax set multiauth mode {multi | strict} Parameters multi Allow the system to use multiple authenticators simultaneously (802.1x, PWA, and MAC Authentication) on a port. This is the default mode. strict User must authenticate using 802.
set multiauth precedence Example This example shows how to clear the system authentication mode: C3(rw)->clear multiauth mode set multiauth precedence Use this command to set the system’s multiple authentication administrative precedence. Syntax set multiauth precedence {[dot1x] [mac] [pwa]} Parameters dot1x Sets precedence for 802.1X authentication. mac Sets precedence for MAC authentication. pwa Sets precedence for port web authentication. Defaults None. Mode Switch command, read‐write.
show multiauth port Mode Switch command, read‐write. Example This example shows how to clear the multiple authentication precedence: C3(rw)->clear multiauth precedence show multiauth port Use this command to display multiple authentication properties for one or more ports. Syntax show multiauth port [port-string] Parameters port‐string (Optional) Displays multiple authentication information for specific port(s).
set multiauth port set multiauth port Use this command to set multiple authentication properties for one or more ports. Syntax set multiauth port mode {auth-opt | auth-reqd | force-auth | force-unauth} | numusers numusers port-string Parameters mode auth‐opt | auth‐reqd | force‐auth | force‐unauth Specifies the port(s)’ multiple authentication mode as: • auth‐opt — Authentication optional (“non‐strict” behavior). If a user does not attempt to authenticate using 802.1x, or if 802.
show multiauth station Defaults None. Mode Switch command, read‐write. Example This example shows how to clear the port multiple authentication mode on port ge.3.14: C3(rw)->clear multiauth port mode ge.3.14 This example shows how to clear the number of users on port ge.3.14: C3(rw)->clear multiauth port numusers ge.3.14 show multiauth station Use this command to display multiple authentication station (end user) entries.
Configuring VLAN Authorization (RFC 3580) Configuring VLAN Authorization (RFC 3580) Purpose Please see section 3‐31 of RFC 3580 for details on configuring a RADIUS server to return the desired tunnel attributes. From RFC 3580, “... it may be desirable to allow a port to be placed into a particular Virtual LAN (VLAN), defined in [IEEE8021Q], based on the result of the authentication.” The RADIUS server typically indicates the desired VLAN by including tunnel attributes within the Access‐Accept.
set vlanauthorization Enable or disable the use of the RADIUS VLAN tunnel attribute to put a port into a particular VLAN based on the result of authentication. Syntax set vlanauthorization {enable | disable} [port-string] Parameters enable | disable Enables or disables VLAN authorization/tunnel attributes. port‐string (Optional) Specifies which ports to enable or disable the use of VLAN tunnel attributes/authorization.
clear vlanauthorization Defaults By default, administrative egress is set to untagged. Mode Switch command, read‐write. Example This example shows how to enable the insertion of the RADIUS assigned VLAN to an 802.1q tag for all outbound frames for ports 10 through 15 on unit number 3. C3(rw)->set vlanauthorization egress tagged ge.3.10-15 clear vlanauthorization Use this command to return port(s) to the default configuration of VLAN authorization disabled, egress untagged.
show vlanauthorization

Displays the VLAN authentication status and configuration information for the specified ports.

Syntax
show vlanauthorization [port-string]

Parameters
port-string    (Optional) Displays VLAN authentication status for the specified ports. If no port string is entered, then the global status of the setting is displayed. For a detailed description of possible port-string values, refer to “Port String Syntax Used in the CLI” on page 4-1.
Configuring MAC Locking

Purpose
To review, disable, enable, and configure MAC locking. This feature locks a MAC address to one or more ports, preventing connection of unauthorized devices through the port(s). When source MAC addresses are received on specified ports, the switch discards all subsequent frames not containing the configured source addresses. The only frames forwarded on a “locked” port are those with the “locked” MAC address(es) for that port.
show maclock

Use this command to display the status of MAC locking on one or more ports.

Syntax
show maclock [port-string]

Parameters
port-string    (Optional) Displays MAC locking status for specified port(s). For a detailed description of possible port-string values, refer to “Port String Syntax Used in the CLI” on page 4-1.

Defaults
If port-string is not specified, MAC locking status will be displayed for all ports.

Mode
Switch command, read-only.
Table 21-6 show maclock Output Details

Output                        What It Displays...
Max FirstArrival Allocated    The maximum end station MAC addresses allowed locked to the port. For details on setting this value using the set maclock firstarrival command, refer to “set maclock firstarrival” on page 21-53.
Violating MAC Address         Most recent MAC address(es) violating the maximum static and first arrival value(s) set for the port.
Table 21-7 show maclock stations Output Details

Output         What It Displays...
Port Number    Port designation. For a detailed description of possible port-string values, refer to “Port String Syntax Used in the CLI” on page 4-1.
MAC address    MAC address of the end station(s) locked to the port.
Status         Whether the end stations are active or inactive.
State          Whether the end station locked to the port is a first learned, first arrival or static connection.
set maclock disable

Use this command to disable MAC locking on one or more ports.

Syntax
set maclock disable [port-string]

Parameters
port-string    (Optional) Disables MAC locking on specific port(s). For a detailed description of possible port-string values, refer to “Port String Syntax Used in the CLI” on page 4-1.

Defaults
If port-string is not specified, MAC locking will be disabled on all ports.

Mode
Switch command, read-write.
Mode
Switch command, read-write.

Usage
Configuring one or more ports for MAC locking requires globally enabling it on the switch first using the set maclock enable command as described in “set maclock enable” on page 21-49.

Example
This example shows how to create a MAC locking association between MAC address 0e-03-ef-d8-44-55 and port ge.3.2:
C3(rw)->set maclock 0e-03-ef-d8-44-55 ge.3.2 create

clear maclock

Use this command to remove a static MAC address entry.
set maclock static

Use this command to set the maximum number of static MAC addresses allowed per port. Static MACs are administratively defined.

Syntax
set maclock static port-string value

Parameters
port-string    Specifies the port on which to set the maximum number of static MACs allowed. For a detailed description of possible port-string values, refer to “Port String Syntax Used in the CLI” on page 4-1.
value          Specifies the maximum number of static MAC addresses allowed per port.
Example
This example shows how to reset the number of allowable static MACs on fe.2.3:
C3(rw)->clear maclock static fe.2.3

set maclock firstarrival

Use this command to restrict MAC locking on a port to a maximum number of end station addresses first connected to that port.

Syntax
set maclock firstarrival port-string value

Parameters
port-string    Specifies the port on which to limit MAC locking.
clear maclock firstarrival

Use this command to reset the number of first arrival MAC addresses allowed per port to the default value of 600.

Syntax
clear maclock firstarrival port-string

Parameters
port-string    Specifies the port on which to reset the first arrival value. For a detailed description of possible port-string values, refer to “Port String Syntax Used in the CLI” on page 4-1.

Defaults
None.

Mode
Switch command, read-write.
Example
This example shows how to move all current first arrival MACs to static entries on ports ge.3.1-40:
C3(rw)->set maclock move ge.3.1-40

set maclock trap

Use this command to enable or disable MAC lock trap messaging.

Syntax
set maclock trap port-string {enable | disable}

Parameters
port-string    Specifies the port on which MAC lock trap messaging will be enabled or disabled.
Configuring Port Web Authentication (PWA)

About PWA
PWA provides a way of authenticating users before allowing general access to the network. A PWA user’s access to the network is restricted until after the user successfully logs in via a web browser using the Enterasys Networks’ web-based security interface. The SecureStack C3 device will validate all login credentials from the user with a RADIUS server before allowing network access. PWA is an alternative to 802.
For information about...    Refer to page...
set pwa initialize          21-64
set pwa quietperiod         21-65
set pwa maxrequest          21-65
set pwa portcontrol         21-66
show pwa session            21-66
set pwa enhancedmode        21-67

show pwa

Use this command to display port web authentication information for one or more ports.

Syntax
show pwa [port-string]

Parameters
port-string    (Optional) Displays PWA information for specific port(s).
Table 21-8 show pwa Output Details

Output            What It Displays...
PWA Status        Whether or not port web authentication is enabled or disabled. Default state of disabled can be changed using the set pwa command as described in “set pwa” on page 21-59.
PWA IP Address    IP address of the end station from which PWA will prevent network access until the user is authenticated. Set using the set pwa ipaddress command as described in “set pwa ipaddress” on page 21-61.
set pwa

Use this command to enable or disable port web authentication.

Syntax
set pwa {enable | disable}

Parameters
enable | disable    Enables or disables port web authentication.

Defaults
None.

Mode
Switch command, read-write.

Example
This example shows how to enable port web authentication:
C3(su)->set pwa enable

show pwa banner

Use this command to display the port web authentication login banner string.

Syntax
show pwa banner

Parameters
None.

Defaults
None.
set pwa banner

Use this command to configure a string to be displayed as the PWA login banner.

Syntax
set pwa banner string

Parameters
string    Specifies the PWA login banner.

Defaults
None.

Mode
Switch command, read-write.

Example
This example shows how to set the PWA login banner to “Welcome to Enterasys Networks”:
C3(su)->set pwa banner "Welcome to Enterasys Networks"

clear pwa banner

Use this command to reset the PWA login banner to a blank string.
set pwa displaylogo

Use this command to set the display options for the Enterasys Networks logo.

Syntax
set pwa displaylogo {display | hide}

Parameters
display | hide    Displays or hides the Enterasys Networks logo when the PWA website displays.

Defaults
None.

Mode
Switch command, read-write.

Example
This example shows how to hide the Enterasys Networks logo:
C3(su)->set pwa displaylogo hide

set pwa ipaddress

Use this command to set the PWA IP address.
set pwa protocol

Use this command to set the port web authentication protocol.

Syntax
set pwa protocol {chap | pap}

Parameters
chap | pap    Sets the PWA protocol to:
    • CHAP (PPP Challenge Handshake Protocol) - encrypts the username and password between the end-station and the switch port.
    • PAP (Password Authentication Protocol) - does not provide any encryption between the end-station and the switch port.

Defaults
None.

Mode
Switch command, read-write.
clear pwa guestname

Use this command to clear the PWA guest user name.

Syntax
clear pwa guestname

Parameters
None.

Defaults
None.

Mode
Switch command, read-write.

Example
This example shows how to clear the PWA guest user name:
C3(su)->clear pwa guestname

set pwa guestpassword

Use this command to set the guest user password for PWA networking.

Syntax
set pwa guestpassword

Parameters
None.

Defaults
None.

Mode
Switch command, read-write.
set pwa gueststatus

Use this command to enable or disable guest networking for port web authentication.

Syntax
set pwa gueststatus {authnone | authradius | disable}

Parameters
authnone      Enables guest networking with no authentication method.
authradius    Enables guest networking with RADIUS authentication. Upon successful authentication from RADIUS, PWA will apply the policy returned from RADIUS to the PWA port.
disable       Disables guest networking.

Defaults
None.
Example
This example shows how to initialize ports fe.1.5-7:
C3(su)->set pwa initialize fe.1.5-7

set pwa quietperiod

Use this command to set the amount of time a port will remain in the held state after a user unsuccessfully attempts to log on to the network.

Syntax
set pwa quietperiod time [port-string]

Parameters
time           Specifies quiet time in seconds.
port-string    (Optional) Sets the quiet period for specific port(s).
Mode
Switch command, read-write.

Example
This example shows how to set the PWA maximum requests to 3 for all ports:
C3(su)->set pwa maxrequests 3

set pwa portcontrol

This command enables or disables PWA authentication on select ports.

Syntax
set pwa portcontrol {enable | disable} [port-string]

Parameters
enable | disable    Enables or disables PWA on specified ports.
port-string         (Optional) Sets the control mode on specific port(s).
Mode
Switch command, read-only.

Example
This example shows how to display PWA session information:
C3(su)->show pwa session
Port     MAC               IP
-------- ----------------- ---------------
ge.2.19  00-c0-4f-20-05-4b 172.50.15.121
ge.2.19  00-c0-4f-24-51-70 172.50.15.120
ge.2.19  00-00-f8-78-9c-a7 172.50.15.
Configuring Secure Shell (SSH)

Purpose
To review, enable, disable, and configure the Secure Shell (SSH) protocol, which provides secure Telnet.

Commands
The commands used to review and configure SSH are listed below:

For information about...    Refer to page...
show ssh status             21-68
set ssh                     21-69
set ssh hostkey             21-69

show ssh status

Use this command to display the current status of SSH on the switch.

Syntax
show ssh status

Parameters
None.

Defaults
None.
set ssh

Use this command to enable, disable or reinitialize SSH server on the switch. By default, the SSH server is disabled.

Syntax
set ssh {enable | disable | reinitialize}

Parameters
enable | disable    Enables or disables SSH, or reinitializes the SSH server.
reinitialize        Reinitializes the SSH server.

Defaults
None.

Mode
Switch command, read-write.
Configuring Access Lists

Router: These commands can be executed when the device is in router mode only. For details on how to enable router configuration modes, refer to “Enabling Router Configuration Modes” on page 14-3.

Purpose
To review and configure security access control lists (ACLs), which permit or deny access to routing interfaces based on protocol and IP address restrictions.
1: permit icmp host 18.2.32.130 any
2: permit udp host 198.92.32.130 host 171.68.225.126
3: deny ip 150.136.0.0 0.0.255.255 224.0.0.0 15.255.255.255
4: deny ip 11.6.0.0 0.1.255.255 224.0.0.0 15.255.255.255
5: deny ip 172.24.24.0 0.0.1.255 224.0.0.0 15.255.255.255

access-list (standard)

Use this command to define a standard IP access list by number when operating in router mode. The no form of this command removes the defined access list or entry.
Usage
Valid access list numbers for standard ACLs are 1 to 99. For extended ACLs, valid values are 100 to 199. Access lists are applied to interfaces by using the ip access-group command (“ip access-group” on page 21-74).

Examples
This example shows how to create access list 1 with three entries that allow access to only those hosts on the three specified networks. The wildcard bits apply to the host portions of the network addresses.
access-list (extended)

source             Specifies the network or host from which the packet will be sent. Valid options for expressing source are:
    • IP address or range of addresses (A.B.C.D)
    • any - Any source host
    • host source - IP address of a single source host
source-wildcard    (Optional) Specifies the bits to ignore in the source address.
operator port      (Optional) Applies access rules to TCP or UDP source or destination port numbers.
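Wildcard bits are the inverse of a subnet mask: a 1 bit means "ignore this bit", which is why 0.0.1.255 covers two adjacent /24 networks. The Python sketch below is an added example, not Enterasys code; it evaluates the five entries shown earlier on this page against a packet, assuming entries are checked in order and the first match decides. It reports no verdict for packets that match nothing, and the function names are hypothetical.

```python
import ipaddress


def ip(text):
    return int(ipaddress.IPv4Address(text))


def wildcard_match(addr, base, wildcard):
    """True when addr equals base on every bit where the wildcard bit is 0."""
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)


def parse_addr(tokens):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D wildcard' from a token list."""
    head = tokens.pop(0)
    if head == "any":
        return ("0.0.0.0", "255.255.255.255")
    if head == "host":
        return (tokens.pop(0), "0.0.0.0")
    return (head, tokens.pop(0))


def parse_entry(line):
    """Split one entry into action, protocol, source pair, destination pair."""
    tokens = line.split()
    action, proto = tokens.pop(0), tokens.pop(0)
    return action, proto, parse_addr(tokens), parse_addr(tokens)


def evaluate(entries, proto, src, dst):
    """Return (entry number, action) of the first matching entry, else None."""
    for number, line in enumerate(entries, start=1):
        action, eproto, (sb, sw), (db, dw) = parse_entry(line)
        if eproto not in ("ip", proto):   # 'ip' entries match any IP protocol
            continue
        if wildcard_match(src, sb, sw) and wildcard_match(dst, db, dw):
            return number, action
    return None


# The five entries listed on this page
ENTRIES = [
    "permit icmp host 18.2.32.130 any",
    "permit udp host 198.92.32.130 host 171.68.225.126",
    "deny ip 150.136.0.0 0.0.255.255 224.0.0.0 15.255.255.255",
    "deny ip 11.6.0.0 0.1.255.255 224.0.0.0 15.255.255.255",
    "deny ip 172.24.24.0 0.0.1.255 224.0.0.0 15.255.255.255",
]
```

Running candidate packets through `evaluate` before applying a list with ip access-group shows which entry a non-octet-aligned wildcard actually catches.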
ip access-group

Use this command to apply access restrictions to inbound frames on an interface when operating in router mode. The no form of this command removes the specified access list.

Syntax
ip access-group access-list-number in
no ip access-group access-list-number in

Parameters
access-list-number    Specifies the number of the access list to be applied to the interface. This is a decimal number from 1 to 199.
in                    Filters inbound frames.

Defaults
None.